Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange Edge Transport TLS Certificate

Posted on 2015-01-27
1
Medium Priority
?
106 Views
Last Modified: 2015-06-25
Hi There

We have an Edge Transport Server sitting in the DMZ. All mail flows in and out of the organisation through this server.

When I run a test on checktls.com I get the following results:

[001.721]            Cert NOT VALIDATED: unable to get local issuer certificate
[001.722]            this may help: What Is An Intermediate Certificate
[001.722]            So email is encrypted but the domain is not verified
[001.723]            Cert Hostname DOES NOT VERIFY (mail.DOMAINNAME.com != DMZ-TLS)
[001.723]            So email is encrypted but the host is not verified
[001.724]      ~~>      EHLO checktls.com

The Certificate is self Signed. The Subject and CertificateDomains in the certificate only contains the Internal FQDN and doesn't reference the external mail.DomainName.com

to resolve Cert NOT VALIDATED and Cert Hostname DOES NOT VERIFY

Do I need another certificate for this in the Certificate Chain?

or

Do I need to reissue the same certificate on the Edge Transport Server but include the mail.domainname.com

Any advice is greatly appreciated.

Thanks
David
0
Comment
Question by:tenacityit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 1500 total points
ID: 40575457
You need a certificate for mail.domain.com so that your edge transport server can validate incoming emails which, of course, are addressed to that domain.  I would think the easiest way would be to add a second certificate with that name, but I'm not an expert on self-signed certificates (I always used public authorities), so others may have a different take on this.
0

Featured Post

What’s Wrong with Your Cloud Strategy ?

Even as many CIOs are embracing a cloud-first strategy, the reality is that moving to the cloud is a lengthy process and the end-state is likely to be a blend of multiple clouds—public and private. Learn why multicloud solutions matter in this webinar by Nimble Storage.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question