This problem regards a small private domain hosted by 2 WS'03r2x64StdEd DCs with SP2 and current updates. One DC is hosting Exchange 2007 Standard Edition SP3. The Hub Transport is Internet facing through a gateway-router/NAT/aDSL-modem to an ISP (AT&T) for Internet and personal-mailbox services as afforded by AT&T, and the hosting platform is multi-homed; 2 NICs. The domain build aspects are sound. Exchange receives ISP mail via a mapiLab POP3 Connector (MPC); it works fine.
I'm trying to send all Internet-destined email to the said AT&T service as a Smarthost. In pursuing this, I have configured an SMTP Send Connector and created a Self-Signed Certificate to negotiate STARTTLS, as is initiated by our ISP (AT&T) when the ISP receives the SMTP mail we send. Currently, the sent messages never reach their destination and I suspect that they hang in the submit queue (I could test this). I was hoping that a Self-Signed Certificate would suffice for these SSL/TLS negotiations. In contrast, I've considered buying a 3rd-party Certificate for this purpose or trying one of those that are enumerated within the Local Store; i.e. CA > 3rd Party Root Certification Authorities > Certificates. I'm trying to refrain from buying a certificate that I don't absolutely need.
One problem is that the Self-Signed Certificate I created, imported, and enabled (for SMTP) is invalid; i.e. "This certificate has an nonvalid digital signature." (I'm currently working on this.) In summary, I'm wondering which of the following efforts would work for my objective:
repairing or rebuilding my invalid self-signed Certificate,
using one of my CA > 3rd Party Root Certification Authorities > Certificates certificates,
procuring a Certificate specifically for this AT&T service.
Here's the command line I used to create the Certificate Request that has the invalid signature; note the Parameter Set:
New-ExchangeCertificate -DomainName smtp.att.yahoo.com, sbcGlobal.net, PrivDomName.local -FriendlyName "AT&T Start TLS" -GenerateRequest:$True -KeySize 1024 -PrivateKeyExportable:$true -SubjectName "DC=sbcGlobal, DC=net, O=ATTacccountOwnerName, C=US, CN=smtp-sbc.mail.yahoo.com, CN=smtp.sbc.mail.fy4.b.yahoo.com, CN=host.PrivDomName.local, CN=PrivDomName.local" -Path "E:\Certificates\Requests\AT&T StartTLS.req.txt"
Here's the most significant part of the corresponding 12014 Application Event Description:
Microsoft Exchange could not find a certificate that contains the domain name sbcGlobal.net in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet via AT&T with a FQDN parameter of sbcGlobal.net.
So, how/where do I need to specify sbcGlobal.net in my parameter set; e.g. CN=<>? But where?
Any help on this would be greatly appreciated!!!
Any help/advice on any of this would be much appreciated.
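The following Exchange Management Shell sequence is an added example, not code from the original post or from Microsoft, showing the relationship the 12014 event describes: Exchange looks in the local computer's personal store for an SMTP-enabled certificate whose domain list (subject/SAN) contains exactly the FQDN configured on the Send Connector. The connector name "Internet via AT&T", the connector FQDN sbcGlobal.net, the server name host.PrivDomName.local and the smart host smtp.att.yahoo.com are taken from the post and stand in for the reader's own values; the protocol-log path is the Exchange 2007 default and is assumed.

```powershell
# Added example (not from the original post). Assumed values are placeholders.
$ConnectorName = "Internet via AT&T"        # Send Connector name from the 12014 event
$ConnectorFqdn = "sbcGlobal.net"            # FQDN the connector advertises in EHLO
$ServerFqdn    = "host.PrivDomName.local"   # Hub Transport server name
$SmartHost     = "smtp.att.yahoo.com"       # ISP smart host

# 1. Create a self-signed certificate. Do NOT pass -GenerateRequest: that switch only
#    writes a CSR file for a CA to sign and installs nothing usable in the personal store.
#    -DomainName fills the Subject Alternative Name list, which is what Exchange matches
#    against the connector FQDN; the subject CN is set to the same name for clarity.
$cert = New-ExchangeCertificate `
    -DomainName $ConnectorFqdn, $ServerFqdn `
    -SubjectName "CN=$ConnectorFqdn" `
    -FriendlyName "AT&T StartTLS (self-signed)" `
    -KeySize 2048 `
    -PrivateKeyExportable $true `
    -Services SMTP

# 2. Enable it for SMTP (harmless if -Services SMTP already did this at creation).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP

# 3. Check: is there now an SMTP-enabled certificate whose domain list contains the
#    connector FQDN? If this returns nothing, event 12014 will keep firing.
Get-ExchangeCertificate |
    Where-Object { $_.CertificateDomains -contains $ConnectorFqdn -and $_.Services -match "SMTP" } |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter

# 4. Make the connector's FQDN match the certificate and point it at the smart host.
Set-SendConnector -Identity $ConnectorName -Fqdn $ConnectorFqdn -SmartHosts $SmartHost
Get-SendConnector -Identity $ConnectorName |
    Format-List Name, Fqdn, SmartHosts, SmartHostAuthMechanism, RequireTLS

# 5. After a test message, confirm whether anything is still sitting in a queue
#    and what the last transport error was.
Get-Queue | Format-Table Identity, Status, MessageCount, NextHopDomain, LastError -AutoSize

# 6. Watch the STARTTLS exchange with the smart host in the SmtpSend protocol log.
#    Verbose logging must be on for the connector; the path is the Exchange 2007 default.
Set-SendConnector -Identity $ConnectorName -ProtocolLoggingLevel Verbose
$LogPath = "C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpSend\*.log"
Select-String -Path $LogPath -Pattern "STARTTLS|220 " | Select-Object -Last 20
```

Two points this sequence makes visible. First, the 12014 event is purely a local lookup failure: the name passed as the connector's Fqdn must appear verbatim in a certificate's domain list, so a certificate whose DomainName list holds sbcGlobal.net but whose connector is set to a different FQDN (or the reverse) will produce the event regardless of who signed the certificate. Second, whether the remote smart host accepts a self-signed certificate is the smart host's own policy; a failed or declined TLS negotiation shows up in the SmtpSend protocol log and in the queue's LastError, which is where to look before deciding whether a CA-issued certificate is actually required.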