drmonoe

asked on

Require TLS Encryption Option Greyed Out of IIS 6 SMTP Relay Outbound Security Interface

Hello,

I’m trying to enable TLS authentication on an IIS 6 SMTP relay virtual host, without success.  Although I’ve installed a self-signed cert, the option to “Require TLS Encryption” is greyed out.


To review, here are the steps I took.


1.) Using IIS 7, I created a self-signed cert
2.) I exported this cert to a folder on the server
3.) I imported the cert into the Personal Cert store
4.) I then tried to fully enable TLS, but the option to “Require TLS Encryption” is greyed out, suggesting the cert is either incorrectly formed or the virtual relay host does not see it.



Visuals of the steps I took...


Step One. Create Self-signed Cert via IIS 7 Manager


Step Two. Export the cert


Step Three. Import the Cert into the Personal Certificate Store


Step Four. Secure IIS SMTP Virtual Host Using TLS


ASKER CERTIFIED SOLUTION
Chris H

This solution is only available to members.

drmonoe

ASKER

Yes, I found that during my Google searches but it wasn't immediately helpful.


So I suppose the next question is: how does Local Machine/My Store correspond to a drive location? Or does this refer to the HKLM reg hive?

I'll take a look in the reg to see if it reveals a location.

It refers to the certificate store.  You need to click Start, type mmc, push Enter.

file, add/remove snap-in.

add certificates

local computer

then look at picture as to what it's referencing.  (local machine should be local computer)

My store is personal

drmonoe

ASKER

Yes, overnight I reached that conclusion and added the cert to the correct store.

Unfortunately, this hasn't made the TLS encryption option available.  I've also tried resetting the virtual SMTP host individually and even an iisreset with no success.

Investigate the registry keys this article says to disable TLS in IIS.  I'm wondering if an admin before you disabled it.

http://support.microsoft.com/kb/187498
Also, maybe unrelated/non-correlated (but I've seen MS do worse).  Check your IE options listed here:

http://superuser.com/questions/342148/why-are-some-use-tls-and-use-ssl-options-turned-off

drmonoe

ASKER

Hmmm, interesting.


I'll check those out and get back to you.  Thanks for the leads.

drmonoe

ASKER

Unfortunately, none of those steps applied to this situation.  Truly a mystery as to why IIS is failing to see the cert (which seems to be properly installed and verified).
Lol, it's not expired is it?  (had to ask)

drmonoe

ASKER

Ha! That's a fair question (crossing all the T's, etc).

I'm sure the cert is still valid.  It was only issued a few days ago and expires a year from now.  Also, I confirmed it using a tool named SSLDiag.

Oh and I successfully used it to secure the default website with SSL.

So aside from the SMTP relay, all else seems good.

drmonoe

ASKER

Yup, I verified that too.  

The cert's subject name definitely matches the virtual server's FQDN.
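
The checks this thread walks through (certificate present in the Local Computer Personal store, validity dates, subject name matching the virtual server's FQDN) can be run in one pass. The following is an added PowerShell example, not part of any post above; `smtp.example.test` is a constructed placeholder for the SMTP virtual server's FQDN.

```powershell
# Added example (not from the thread): lists every certificate in the
# Local Computer "Personal" store (Cert:\LocalMachine\My) and evaluates the
# checks the thread discusses: validity period and subject name vs. FQDN.
param(
    # Assumption: placeholder FQDN; pass the SMTP virtual server's real FQDN.
    [string]$SmtpFqdn = 'smtp.example.test'
)

$now      = Get-Date
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    # Common name of the subject ($false = read the subject, not the issuer)
    $cn = $_.GetNameInfo($nameType, $false)

    New-Object PSObject -Property @{
        Thumbprint  = $_.Thumbprint
        SubjectCN   = $cn
        Issuer      = $_.Issuer
        NotAfter    = $_.NotAfter
        # True when the current time falls inside NotBefore..NotAfter
        WithinDates = (($now -ge $_.NotBefore) -and ($now -le $_.NotAfter))
        # Case-insensitive comparison of the subject CN with the expected FQDN
        MatchesFqdn = ($cn -ieq $SmtpFqdn)
    }
}

if (-not $report) {
    # Nothing in the machine store: a cert imported into a user store
    # shows up under Cert:\CurrentUser\My instead.
    Write-Warning 'No certificates found in Cert:\LocalMachine\My'
} else {
    $report |
        Select-Object SubjectCN, MatchesFqdn, WithinDates, NotAfter, Issuer, Thumbprint |
        Format-List
}
```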