@Robert - there is no Whitepaper for that scenario as all you need to do is enable cert auth in EMC. Without testing I'm not 100% sure on whether KCD is required between 2010 CAS and 2003 MBX, I suspect not, but it's an easy setting to figure out, it works, or it doesn't... I'll see if I can get time to test it, but I know it will work, it's just whether KCD is required or not that I am not sure of.
@Aengus - great, thanks for the feedback!
@Klaus - so the use of a tool like that presents some interesting questions. Firstly though, I would stand by my comment of machine certs not being able to be exported by default - they can't - unless you choose to use a tool like this (which is detected as a virus/trojan by many AV scanners) which requires you to have local admin privileges as well - and the use of a tool like this is not the default behaviour of most users.
Given that most organizations that are looking to secure things like OA and OWA are already security minded - it's unlikely users will be local admins, could uninstall their AV etc. I'm not saying a tool like that can't be used to export a cert, I'm just saying that you can mitigate against it in several ways. Security is multi-layered, and one thing alone will never be enough to stop a determined hacker.