Solved

SBS2008 SMTP SSL Cert is still using self-signed

Posted on 2014-09-10
6
88 Views
Last Modified: 2015-06-16
After installing a GoDaddy SSL Cert to a SBS2008 box that prevoiusly had a self signed cert, I see that IIS and IMAP have taken on the new cert, but SMTP is still using the old self signed cert.

I have restarted the exchange transport service, but this has not helped.
Which service should I restart to force the setting?

Get-ExchangeCertificates shows the services are assigned to the Godaddy cert OK
0
Comment
Question by:pc-cyt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40314767
Smtp should be able to use a self signed certificate. If you think the certificate is expiring you can simply run get-exchangecertificate <thumbprint of current certificate> | New-exchangecertificate.

http://forums.msexchange.org/Renewing_self-signed_SMTP_certificate/m_1800558152/tm.htm
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40314782
Another alternative would be to run the Fix My Network wizard in the SBS console. It may detect and fix the issue.
0
 
LVL 1

Author Comment

by:pc-cyt
ID: 40314784
It was Self signed, I have a new 'proper' SSL which I have installed.
If I run get-exchangecertificate I can see the correct thumbprint has services Imap, Pop, Smtp, IIS 'bound' to it

But, If I probe the smtp service

openssl s_client -starttls imap -showcerts -connect [server address]:25

then I can see that the old self signed cert is being returned.

Do I need to reboot the service, or restart a service to make the new cert 'active'?

Note: The 'proper' cert is being served to IIS, Pop and Imap.   Its just SMTP that is using the old cert.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Author Comment

by:pc-cyt
ID: 40314834
Fix My Network wizard - No issues with SSL detected
0
 
LVL 29

Expert Comment

by:becraig
ID: 40314851
Enable-ExchangeCertificate -Thumbprint <go daddy thumbprint> -Services SMTP

Then delete the old certificate
 Remove-ExchangeCertificate -Thumbprint <self signed thumbprint>
Press Y to confirm and you're done
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40314857
Like I said above there are no issues with using the self signed it won't break anything. In fact most people use it for smtp.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Suggested Courses
Course of the Month5 days, 19 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question