After spending days trying to figure out how to configure TLS on my SMG, I finally got it to work. I wrote down all the steps just in case I had to do it again. I hope anyone that is struggling trying to configure TLS finds this information helpful.
NOTE! Backup your current SMG configuration before making any changes.
Basic overview:
1) Obtain an SSL CA for public name of mail server.
2) Obtain an Intermediate CA.
3) Install Intermediate CA.
4) Convert CA’s to PEM format.
5) Import SSL CA.
6) Change MTU host name to match public name of mail server.
7) Enable SMTP Inbound and Outbound TLS.
8) Enable SMTP Delivery TLS.
9) Add external domains to Domains list and set TLS requirement.
10) Reroute Outbound Exchange mail to SMG.
11) Test configuration.
Detailed instructions are attached.
I do not need a solution (just sharing information)