Solved

SBS2008 SMTP SSL Cert is still using self-signed

Posted on 2014-09-10
6
80 Views
Last Modified: 2015-06-16
After installing a GoDaddy SSL Cert to a SBS2008 box that prevoiusly had a self signed cert, I see that IIS and IMAP have taken on the new cert, but SMTP is still using the old self signed cert.

I have restarted the exchange transport service, but this has not helped.
Which service should I restart to force the setting?

Get-ExchangeCertificates shows the services are assigned to the Godaddy cert OK
0
Comment
Question by:pc-cyt
  • 3
  • 2
6 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40314767
Smtp should be able to use a self signed certificate. If you think the certificate is expiring you can simply run get-exchangecertificate <thumbprint of current certificate> | New-exchangecertificate.

http://forums.msexchange.org/Renewing_self-signed_SMTP_certificate/m_1800558152/tm.htm
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40314782
Another alternative would be to run the Fix My Network wizard in the SBS console. It may detect and fix the issue.
0
 
LVL 1

Author Comment

by:pc-cyt
ID: 40314784
It was Self signed, I have a new 'proper' SSL which I have installed.
If I run get-exchangecertificate I can see the correct thumbprint has services Imap, Pop, Smtp, IIS 'bound' to it

But, If I probe the smtp service

openssl s_client -starttls imap -showcerts -connect [server address]:25

then I can see that the old self signed cert is being returned.

Do I need to reboot the service, or restart a service to make the new cert 'active'?

Note: The 'proper' cert is being served to IIS, Pop and Imap.   Its just SMTP that is using the old cert.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 1

Author Comment

by:pc-cyt
ID: 40314834
Fix My Network wizard - No issues with SSL detected
0
 
LVL 29

Expert Comment

by:becraig
ID: 40314851
Enable-ExchangeCertificate -Thumbprint <go daddy thumbprint> -Services SMTP

Then delete the old certificate
 Remove-ExchangeCertificate -Thumbprint <self signed thumbprint>
Press Y to confirm and you're done
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40314857
Like I said above there are no issues with using the self signed it won't break anything. In fact most people use it for smtp.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
how to add IIS SMTP to handle application/Scanner relays into office 365.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question