• Status: Solved

Cannot Connect to Exchange 2007 SMTP service via SSL

I have an application server that runs a Helpdesk software called Numara TrackIt 8.5. When it tries to send out email notifications via SMTP to our Exchange 2007 server, it gives SSL certificate invalid errors. Our SSL certificates for the Exchange 2007 server are through DigiCert and are still valid. I have confirmed that the problem isn't with TrackIt, but rather either an improperly imported SSL certificate on our application server or an Exchange configuration error.

Could someone provide me with steps that would allow me to successfully export the public SSL key (which is what I believe it needs in order to connect to the SMTP service on Exchange via SSL) from the Exchange Server and correctly import it into my application server?  Both servers run Windows Server 2003 Standard.
Asked:
SKCCSUPPORT
 
SysExpert Commented:
   2. Open Advanced Management > Internet Information Services > [your server] > Web-Sites > Default Web-Site.
   3. Right-Click Default Web-Site and select Properties.
   4. Open the Directory Security Tab and select Server Certificate

Should be an option to export it.


I hope this helps!
 
SKCCSUPPORT (Author) Commented:
SysExpert: that is the way that I originally exported the certificate as a .pfx file.  I think the problem might be the way I'm importing it into the server.  I copied over the resulting exported certificate and double clicked it to install on the server.  When it asked me how I'd like to import it, I selected "Automatically select the certificate store based on the type of certificate".  

In the SMTP server settings of my application, the port was set to 25.  For server name I put the FQDN, so that shouldn't be a problem, and made sure it was set to "SMTP server requires authentication."  Everything works if I direct it to an older Exchange 2000 server that doesn't require SSL for SMTP.  Is there anything I need to do in Exchange 2007 or with the way I'm importing the public key on my App server?
 
tdkim1 Commented:
Could you be more specific on the certificate error?

Did you create the proper subject alternative names for the cert? When you say you used the FQDN, is that the internal or external FQDN? Is that FQDN used on the cert?
 
SKCCSUPPORT (Author) Commented:
The certificate error I get from the Helpdesk software we use simply says "Certificate Validation Error". It only seems to apply to SMTP transactions. The cert installed on the Exchange server has all of the correct SANs, and the FQDN I mentioned is in the cert and is the same for internal and external network.
 
tdkim1 Commented:
Can you relay from the app server through the exch2007 server via SMTP commands?
 
SKCCSUPPORT (Author) Commented:
tdkim1: Could you give me some instruction on how I'd go about testing that? I'm not really an Exchange Administrator. The job has been thrown in my lap. I can telnet into the Exch07 server and get responses from the EHLO command. When I try to craft an email using the "MAIL FROM:{email address}" command it fails out stating the client was not authenticated.
 
tdkim1 Commented:
You did the testing; looks like you may need to provide partnership access to the Exchange server for the Track-It server.

Create a new receive connector; under the network tab add in the IP address of the Track-It server to the bottom half "receive mail from remote servers...", under the authentication tab select TLS (first option). Then under the permissions tab select anonymous.

To create a new receive connector, go to the Exchange console-->server config-->hub transport; using a 'custom' connector should work.

Once you do this, try the telnet test again. You should hopefully not receive the 'client was not authenticated' error.

Let me know if you need more detailed info; you seem to be doing pretty good so far.
 
SKCCSUPPORT (Author) Commented:
tdkim1: that did it!  After setting up the receive connector like you specified, my helpdesk app server was able to send messages without authentication or SSL to my Exchange07 server via telnet and the app itself.  We really don't need SSL for that, anyways.  Thanks a million!
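
The telnet test used in this thread, scripted as an added example (not posted by any participant): `classify_session` reads a pasted EHLO reply and the reply to MAIL FROM, and `probe` repeats the test live with a STARTTLS step that verifies the certificate chain and name. The sample transcript, the host names and the `probe@example.invalid` sender are constructed for illustration.

```python
import smtplib
import ssl

# Constructed sample of a telnet session to port 25 (not taken from the thread).
SAMPLE_EHLO = """250-mail.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-STARTTLS
250-AUTH NTLM LOGIN
250 8BITMIME"""
SAMPLE_MAIL_FROM = "530 5.7.1 Client was not authenticated"


def classify_session(ehlo_reply, mail_from_reply):
    """Summarise a captured EHLO reply and the reply to MAIL FROM."""
    caps = {}
    for line in ehlo_reply.splitlines()[1:]:      # first line is the greeting
        if line.startswith("250") and len(line) > 4:
            word, _, args = line[4:].strip().partition(" ")
            caps[word.upper()] = args.split()
    code = mail_from_reply.strip()[:3]
    return {
        "starttls_offered": "STARTTLS" in caps,
        "auth_mechanisms": caps.get("AUTH", []),
        "sender_accepted": code == "250",
        "auth_required": code == "530",
    }


def probe(host, port=25, sender="probe@example.invalid"):
    """Live version: EHLO, verified STARTTLS if offered, then MAIL FROM only."""
    report = {"tls_verified": None, "tls_error": None, "mail_from": None}
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            try:
                # The default context checks the chain against the local trust
                # store and the certificate names against `host`.
                smtp.starttls(context=ssl.create_default_context())
                smtp.ehlo()
                report["tls_verified"] = True
            except ssl.SSLError as exc:
                report["tls_verified"] = False
                report["tls_error"] = getattr(exc, "verify_message", str(exc))
                return report
        report["mail_from"] = smtp.mail(sender)   # (code, message); no RCPT/DATA
    return report


if __name__ == "__main__":
    print(classify_session(SAMPLE_EHLO, SAMPLE_MAIL_FROM))
```

Run `probe` from the application server against the same FQDN the application uses, so the name check matches what the application's own validation sees.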