Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 103
  • Last Modified:

SBS2008 SMTP SSL Cert is still using self-signed

After installing a GoDaddy SSL Cert to a SBS2008 box that prevoiusly had a self signed cert, I see that IIS and IMAP have taken on the new cert, but SMTP is still using the old self signed cert.

I have restarted the exchange transport service, but this has not helped.
Which service should I restart to force the setting?

Get-ExchangeCertificates shows the services are assigned to the Godaddy cert OK
0
pc-cyt
Asked:
pc-cyt
  • 3
  • 2
1 Solution
 
becraigCommented:
Smtp should be able to use a self signed certificate. If you think the certificate is expiring you can simply run get-exchangecertificate <thumbprint of current certificate> | New-exchangecertificate.

http://forums.msexchange.org/Renewing_self-signed_SMTP_certificate/m_1800558152/tm.htm
0
 
David AtkinIT ProfessionalCommented:
Another alternative would be to run the Fix My Network wizard in the SBS console. It may detect and fix the issue.
0
 
pc-cytAuthor Commented:
It was Self signed, I have a new 'proper' SSL which I have installed.
If I run get-exchangecertificate I can see the correct thumbprint has services Imap, Pop, Smtp, IIS 'bound' to it

But, If I probe the smtp service

openssl s_client -starttls imap -showcerts -connect [server address]:25

then I can see that the old self signed cert is being returned.

Do I need to reboot the service, or restart a service to make the new cert 'active'?

Note: The 'proper' cert is being served to IIS, Pop and Imap.   Its just SMTP that is using the old cert.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
pc-cytAuthor Commented:
Fix My Network wizard - No issues with SSL detected
0
 
becraigCommented:
Enable-ExchangeCertificate -Thumbprint <go daddy thumbprint> -Services SMTP

Then delete the old certificate
 Remove-ExchangeCertificate -Thumbprint <self signed thumbprint>
Press Y to confirm and you're done
0
 
becraigCommented:
Like I said above there are no issues with using the self signed it won't break anything. In fact most people use it for smtp.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now