?
Solved

SBS2008 SMTP SSL Cert is still using self-signed

Posted on 2014-09-10
6
Medium Priority
?
94 Views
Last Modified: 2015-06-16
After installing a GoDaddy SSL Cert to a SBS2008 box that prevoiusly had a self signed cert, I see that IIS and IMAP have taken on the new cert, but SMTP is still using the old self signed cert.

I have restarted the exchange transport service, but this has not helped.
Which service should I restart to force the setting?

Get-ExchangeCertificates shows the services are assigned to the Godaddy cert OK
0
Comment
Question by:pc-cyt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40314767
Smtp should be able to use a self signed certificate. If you think the certificate is expiring you can simply run get-exchangecertificate <thumbprint of current certificate> | New-exchangecertificate.

http://forums.msexchange.org/Renewing_self-signed_SMTP_certificate/m_1800558152/tm.htm
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40314782
Another alternative would be to run the Fix My Network wizard in the SBS console. It may detect and fix the issue.
0
 
LVL 1

Author Comment

by:pc-cyt
ID: 40314784
It was Self signed, I have a new 'proper' SSL which I have installed.
If I run get-exchangecertificate I can see the correct thumbprint has services Imap, Pop, Smtp, IIS 'bound' to it

But, If I probe the smtp service

openssl s_client -starttls imap -showcerts -connect [server address]:25

then I can see that the old self signed cert is being returned.

Do I need to reboot the service, or restart a service to make the new cert 'active'?

Note: The 'proper' cert is being served to IIS, Pop and Imap.   Its just SMTP that is using the old cert.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:pc-cyt
ID: 40314834
Fix My Network wizard - No issues with SSL detected
0
 
LVL 29

Expert Comment

by:becraig
ID: 40314851
Enable-ExchangeCertificate -Thumbprint <go daddy thumbprint> -Services SMTP

Then delete the old certificate
 Remove-ExchangeCertificate -Thumbprint <self signed thumbprint>
Press Y to confirm and you're done
0
 
LVL 29

Accepted Solution

by:
becraig earned 1500 total points
ID: 40314857
Like I said above there are no issues with using the self signed it won't break anything. In fact most people use it for smtp.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question