Exchange Edge Transport TLS Certificate

Hi There

We have an Edge Transport Server sitting in the DMZ. All mail flows in and out of the organisation through this server.

When I run a test on checktls.com I get the following results:

[001.721]            Cert NOT VALIDATED: unable to get local issuer certificate
[001.722]            this may help: What Is An Intermediate Certificate
[001.722]            So email is encrypted but the domain is not verified
[001.723]            Cert Hostname DOES NOT VERIFY (mail.DOMAINNAME.com != DMZ-TLS)
[001.723]            So email is encrypted but the host is not verified
[001.724]      ~~>      EHLO checktls.com

The Certificate is self Signed. The Subject and CertificateDomains in the certificate only contains the Internal FQDN and doesn't reference the external mail.DomainName.com

to resolve Cert NOT VALIDATED and Cert Hostname DOES NOT VERIFY

Do I need another certificate for this in the Certificate Chain?

or

Do I need to reissue the same certificate on the Edge Transport Server but include the mail.domainname.com

Any advice is greatly appreciated.

Thanks
David
tenacityitAsked:
Who is Participating?
 
Hypercat (Deb)Commented:
You need a certificate for mail.domain.com so that your edge transport server can validate incoming emails which, of course, are addressed to that domain.  I would think the easiest way would be to add a second certificate with that name, but I'm not an expert on self-signed certificates (I always used public authorities), so others may have a different take on this.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.