Exchange certificate problem

bremen1874

bremen1874

bremen1874

Soldato
Joined
20 Oct 2008
Posts
12,082
I've got an SBS2011 server running Exchange 2010. It's going to be replaced soon, but I can't get rid of it yet.

We've identified a problem where Exchange isn't using the certificate we thought it was. In the EMC it looks like this:

R14Er91.png


It should be using the COMODO certificate but appears to be using the local certificate at the top of the list instead.

This was highlighted by a PCI DSS scan and confirmed by testing using checktls.com.

Any pointers on how to fix this? My Exchange knowledge is very surface and I don't want to break something I don't know how to fix.

The test SBS 2011 box I set up for comparison doesn't have this problem.
 
You should in theory just be able to unassign the SMTP service from the top certificate and it will start working as the COMODO certificate has both IIS and SMTP Services enabled on it.
 
When I tried that it wouldn't let me. Something related to the internal transport.

From reading around this may be a priority issue. Unfortunately, I don't know how to check this, or how to change it if I need to.
 
Last edited:
I've seen that and looked at it.

The service (SMTP) is already assigned to the COMODO certificate. Should I remove SMTP from that certificate and then add it back in as a separate operation?
 
I think I've fixed it by removing the self-signed certificate completely.

Nothing appears to be broken and external diagnostics such as CheckTLS are now showing the correct certificate in use.

I was trying to remove services from the self-signed certificate, but from what I've found that isn't possible and you can only assign them.
 
You must log in or register to reply here.
Back
Top Bottom