Cannot Connect to Exchange 2007 SMTP service via SSL

I have an application server that runs a Helpdesk software called Numara TrackIt 8.5. When it tries to send out email notifications via SMTP to our Exchange 2007 server, it gives SSL certificate invalid errors. Our SSL certificates for the Exchange 2007 server are through DigiCert and are still valid. I have confirmed that the problem isn't with TrackIt, but rather either an improperly imported SSL certificate on our application server or an Exchange configuration error.

Could someone provide me with steps that would allow me to successfully export the public SSL key (which is what I believe it needs in order to connect to the SMTP service on Exchange via SSL) from the Exchange Server and correctly import it into my application server?  Both servers run Windows Server 2003 Standard.
SKCCSUPPORT Asked:
SysExpert Commented:
2. Open Advanced Management > Internet Information Services > [your server] > Web-Sites > Default Web-Site.
3. Right-Click Default Web-Site and select Properties.
4. Open the Directory Security Tab and select Server Certificate

Should be an option to export it.


I hope this helps!
0
SKCCSUPPORT Author Commented:
SysExpert: that is the way that I originally exported the certificate as a .pfx file.  I think the problem might be the way I'm importing it into the server.  I copied over the resulting exported certificate and double clicked it to install on the server.  When it asked me how I'd like to import it, I selected "Automatically select the certificate store based on the type of certificate".  

In the SMTP server settings of my application, the port was set to 25.  For server name I put the FQDN, so that shouldn't be a problem, and made sure it was set to "SMTP server requires authentication."  Everything works if I direct it to an older Exchange 2000 server that doesn't require SSL for SMTP.  Is there anything I need to do in Exchange 2007 or with the way I'm importing the public key on my App server?
0
tdkim1 Commented:
Could you be more specific on the certificate error?

Did you create the proper subject alternative names for the cert? When you say you used the FQDN, is that the internal or external FQDN? Is that FQDN used on the cert?
0
SKCCSUPPORT Author Commented:
The certificate error I get from the Helpdesk software we use simply says "Certificate Validation Error". It only seems to apply to SMTP transactions. The cert installed on the Exchange server has all of the correct SANs, and the FQDN I mentioned is in the cert and is the same for internal and external network.
0
tdkim1 Commented:
Can you relay from the app server through the exch2007 server via smtp commands?
0
SKCCSUPPORT Author Commented:
tdkim1: Could you give me some instruction on how I'd go about testing that?  I'm not really an Exchange Administrator.  The job has been thrown in my lap.  I can telnet into the Exch07 server and get responses from the EHLO command.  When I try to craft an email using the "MAIL FROM:{email address}" command it fails out stating the client was not authenticated.
0
tdkim1 Commented:
You did the testing; looks like you may need to provide partnership access to the exchange server for the track-it server.

Create a new receive connector. Under the network tab, add in the IP address of the track-it server to the bottom half "receive mail from remote servers...". Under the authentication tab, select TLS (first option). Then under the permissions tab, select anonymous.

To create a new receive connector, go to the exchange console-->server config-->hub transport; using a 'custom' connector should work.

Once you do this, try the telnet test again. You should hopefully not receive the 'client was not authenticated' error.

Let me know if you need more detailed info; you seem to be doing pretty good so far.
0
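
The receive connector described in the answer above, written for the Exchange Management Shell, followed by a query that lists every connector accepting anonymous mail so the remote IP ranges can be reviewed. This is an added example, not part of the original thread; the connector name and the IP address are placeholders.

```powershell
# Added example for the Exchange 2007 Management Shell, run on the Hub Transport server.
# Both values below are placeholders, not taken from the thread.
$connectorName = "TrackIt relay"   # hypothetical connector name
$appServerIp   = "192.0.2.10"      # placeholder address for the Track-It application server

# Custom receive connector that matches only connections from the application server,
# offers TLS, and accepts unauthenticated (anonymous) submissions.
New-ReceiveConnector -Name $connectorName -Usage Custom `
    -Bindings "0.0.0.0:25" `
    -RemoteIPRanges $appServerIp `
    -AuthMechanism Tls `
    -PermissionGroups AnonymousUsers

# Review step: show every receive connector that accepts anonymous mail,
# together with the remote ranges it matches. A connector that combines
# AnonymousUsers with a wide RemoteIPRanges value accepts unauthenticated
# mail from far more hosts than the one application server.
Get-ReceiveConnector |
    Where-Object { $_.PermissionGroups -match "AnonymousUsers" } |
    Format-List Name, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups
```

Exchange picks the connector with the most specific matching remote IP range for an incoming connection, so the single-address range keeps the anonymous permission limited to the application server.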

SKCCSUPPORT Author Commented:
tdkim1: that did it!  After setting up the receive connector like you specified, my helpdesk app server was able to send messages without authentication or SSL to my Exchange07 server via telnet and the app itself.  We really don't need SSL for that, anyways.  Thanks a million!
0