SBS2008 SMTP SSL Cert is still using self-signed

After installing a GoDaddy SSL Cert to a SBS2008 box that prevoiusly had a self signed cert, I see that IIS and IMAP have taken on the new cert, but SMTP is still using the old self signed cert.

I have restarted the exchange transport service, but this has not helped.
Which service should I restart to force the setting?

Get-ExchangeCertificates shows the services are assigned to the Godaddy cert OK
LVL 1
Chief AvocadoChief of Problem Avocado'sAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

becraigCommented:
Smtp should be able to use a self signed certificate. If you think the certificate is expiring you can simply run get-exchangecertificate <thumbprint of current certificate> | New-exchangecertificate.

http://forums.msexchange.org/Renewing_self-signed_SMTP_certificate/m_1800558152/tm.htm
0
David AtkinTechnical DirectorCommented:
Another alternative would be to run the Fix My Network wizard in the SBS console. It may detect and fix the issue.
0
Chief AvocadoChief of Problem Avocado'sAuthor Commented:
It was Self signed, I have a new 'proper' SSL which I have installed.
If I run get-exchangecertificate I can see the correct thumbprint has services Imap, Pop, Smtp, IIS 'bound' to it

But, If I probe the smtp service

openssl s_client -starttls imap -showcerts -connect [server address]:25

then I can see that the old self signed cert is being returned.

Do I need to reboot the service, or restart a service to make the new cert 'active'?

Note: The 'proper' cert is being served to IIS, Pop and Imap.   Its just SMTP that is using the old cert.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Chief AvocadoChief of Problem Avocado'sAuthor Commented:
Fix My Network wizard - No issues with SSL detected
0
becraigCommented:
Enable-ExchangeCertificate -Thumbprint <go daddy thumbprint> -Services SMTP

Then delete the old certificate
 Remove-ExchangeCertificate -Thumbprint <self signed thumbprint>
Press Y to confirm and you're done
0
becraigCommented:
Like I said above there are no issues with using the self signed it won't break anything. In fact most people use it for smtp.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.