SKCCSUPPORT

Cannot Connect to Exchange 2007 SMTP service via SSL

I have an application server that runs a Helpdesk software called Numara TrackIt 8.5.  When it tries to send out email notifications via SMTP to our Exchange 2007 server, it gives SSL certificate invalid errors.  Our SSL certificates for the Exchange 2007 server are through DigiCert and are still valid.  I have confirmed that the problem isn't with TrackIt, but rather with either an improperly imported SSL certificate on our application server or an Exchange configuration error.

Could someone provide me with steps that would allow me to successfully export the public SSL key (which is what I believe it needs in order to connect to the SMTP service on Exchange via SSL) from the Exchange Server and correctly import it into my application server?  Both servers run Windows Server 2003 Standard.
SysExpert

2. Open Advanced Management > Internet Information Services > [your server] > Web-Sites > Default Web-Site.
3. Right-Click Default Web-Site and select Properties.
4. Open the Directory Security Tab and select Server Certificate

Should be an option to export it.


I hope this helps!
SKCCSUPPORT

ASKER

SysExpert: that is the way that I originally exported the certificate as a .pfx file.  I think the problem might be the way I'm importing it into the server.  I copied over the resulting exported certificate and double clicked it to install on the server.  When it asked me how I'd like to import it, I selected "Automatically select the certificate store based on the type of certificate".  

In the SMTP server settings of my application, the port was set to 25.  For server name I put the FQDN, so that shouldn't be a problem, and made sure it was set to "SMTP server requires authentication."  Everything works if I direct it to an older Exchange 2000 server that doesn't require SSL for SMTP.  Is there anything I need to do in Exchange 2007 or with the way I'm importing the public key on my App server?

Could you be more specific on the certificate error?

Did you create the proper subject alternative names for the cert?  When you say you used the FQDN, is that the internal or external FQDN?  Is that FQDN used on the cert?

The certificate error I get from the Helpdesk software we use simply says "Certificate Validation Error".  It only seems to apply to SMTP transactions.  The cert installed on the Exchange server has all of the correct SANs, and the FQDN I mentioned is in the cert and is the same for internal and external network.
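
A generic "Certificate Validation Error" on SMTP usually comes down to one of the two things asked about above: the client does not trust the issuing chain, or the name it connects to is not in the certificate's SANs. The script below separates the two; it is an added example, not part of the original thread, it assumes Python is available on the machine that sends the mail, and the host names and sample certificate in it are constructed.

```python
import smtplib
import ssl

def san_dns_names(cert):
    """DNS entries of subjectAltName from an ssl getpeercert() dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """RFC 6125 style match: '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def matching_san(cert, host):
    """Return the first SAN that covers host, or None if no SAN does."""
    for san in san_dns_names(cert):
        if name_matches(san, host):
            return san
    return None

def diagnose(host, port=25, timeout=10):
    """Live check: STARTTLS to host, telling chain failures from name mismatches."""
    ctx = ssl.create_default_context()   # uses this machine's trusted root store
    ctx.check_hostname = False           # the name is checked by hand below
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "server does not offer STARTTLS on this port"
        try:
            smtp.starttls(context=ctx)
        except ssl.SSLCertVerificationError as exc:
            return f"chain not trusted by this client: {exc.verify_message}"
        cert = smtp.sock.getpeercert()
    san = matching_san(cert, host)
    if san is None:
        return f"name mismatch: {host} not in SANs {san_dns_names(cert)}"
    return f"ok: chain trusted, {host} covered by SAN {san}"

# Constructed certificate dict in getpeercert() format (not taken from the thread).
SAMPLE_CERT = {"subjectAltName": (("DNS", "mail.example.test"),
                                  ("DNS", "autodiscover.example.test"),
                                  ("DNS", "*.corp.example.test"))}
```

Run `diagnose()` with exactly the server name configured in the application, since that is the name the certificate has to cover.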

Can you relay from the app server through the exch2007 server via SMTP commands?

tdkim1: Could you give me some instruction on how I'd go about testing that?  I'm not really an Exchange Administrator.  The job has been thrown in my lap.  I can telnet into the Exch07 server and get responses from the EHLO command.  When I try to craft an email using the "MAIL FROM:{email address}" command it fails out stating the client was not authenticated.

ASKER CERTIFIED SOLUTION
tdkim1

tdkim1: that did it!  After setting up the receive connector like you specified, my helpdesk app server was able to send messages without authentication or SSL to my Exchange07 server via telnet and the app itself.  We really don't need SSL for that, anyways.  Thanks a million!