
Exchange Edge Transport TLS Certificate

Posted on 2015-01-27
Last Modified: 2015-06-25
Hi There

We have an Edge Transport Server sitting in the DMZ. All mail flows in and out of the organisation through this server.

When I run a test on checktls.com I get the following results:

[001.721]            Cert NOT VALIDATED: unable to get local issuer certificate
[001.722]            this may help: What Is An Intermediate Certificate
[001.722]            So email is encrypted but the domain is not verified
[001.723]            Cert Hostname DOES NOT VERIFY (mail.DOMAINNAME.com != DMZ-TLS)
[001.723]            So email is encrypted but the host is not verified
[001.724]      ~~>      EHLO checktls.com

The certificate is self-signed. The Subject and CertificateDomains in the certificate only contain the internal FQDN and don't reference the external mail.DomainName.com.

To resolve Cert NOT VALIDATED and Cert Hostname DOES NOT VERIFY:

Do I need another certificate for this in the certificate chain?

or

Do I need to reissue the same certificate on the Edge Transport Server but include mail.domainname.com?

Any advice is greatly appreciated.

Thanks
David
Question by: tenacityit
Accepted Solution

by: Hypercat (Deb) earned 500 total points
You need a certificate for mail.domain.com so that your edge transport server can validate incoming emails which, of course, are addressed to that domain.  I would think the easiest way would be to add a second certificate with that name, but I'm not an expert on self-signed certificates (I always used public authorities), so others may have a different take on this.
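Added example (not from the question or the accepted answer): a Python check that reproduces the two checktls.com findings from a client's point of view, a verifying STARTTLS connection for the chain check and a SAN/CN comparison for the hostname check, so a reissued Edge certificate can be confirmed before mail flow depends on it. The client EHLO name is constructed, and the certificate dictionaries used in the offline name check follow the shape that ssl.getpeercert() returns.

```python
import smtplib
import ssl


def cert_names(cert):
    """Names a client may match: subjectAltName dNSName entries, falling back
    to the subject commonName only when the certificate carries no SANs."""
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """Case-insensitive match; '*' counts only as the whole left-most label,
    so *.domainname.com matches mail.domainname.com but not domainname.com."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    pl, hl = p.split("."), h.split(".")
    return len(pl) == len(hl) and pl[1:] == hl[1:]


def hostname_verdict(cert, expected_host):
    """checktls-style finding for the name check, or None when the name verifies."""
    names = cert_names(cert)
    if any(name_matches(n, expected_host) for n in names):
        return None
    return f"Cert Hostname DOES NOT VERIFY ({expected_host} != {', '.join(names) or '<no name>'})"


def check_smtp_tls(host, port=25, timeout=10):
    """Live check (needs network): STARTTLS with full verification and return the
    findings; [] means the chain validates and the certificate name matches host."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo("checker.example.invalid")  # constructed client name
        smtp.starttls(context=ctx)            # raises on a chain or name failure
        return []
    except ssl.SSLCertVerificationError as e:
        msg = getattr(e, "verify_message", None) or str(e)
        if "hostname mismatch" in msg.lower():
            return [f"Cert Hostname DOES NOT VERIFY ({host} != presented name)"]
        # Self-signed or private-CA chain: OpenSSL stops before the name check,
        # so only the chain finding is reported here (checktls reports both).
        return [f"Cert NOT VALIDATED: {msg}"]
    finally:
        smtp.close()  # no QUIT: the session may be half-negotiated
```

Run check_smtp_tls("mail.domainname.com") against the Edge server's public name; the fix is complete when it returns an empty list.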
