?
Solved

Exchange Edge Transport TLS Certificate

Posted on 2015-01-27
1
Medium Priority
?
100 Views
Last Modified: 2015-06-25
Hi There

We have an Edge Transport Server sitting in the DMZ. All mail flows in and out of the organisation through this server.

When I run a test on checktls.com I get the following results:

[001.721]            Cert NOT VALIDATED: unable to get local issuer certificate
[001.722]            this may help: What Is An Intermediate Certificate
[001.722]            So email is encrypted but the domain is not verified
[001.723]            Cert Hostname DOES NOT VERIFY (mail.DOMAINNAME.com != DMZ-TLS)
[001.723]            So email is encrypted but the host is not verified
[001.724]      ~~>      EHLO checktls.com

The Certificate is self Signed. The Subject and CertificateDomains in the certificate only contains the Internal FQDN and doesn't reference the external mail.DomainName.com

to resolve Cert NOT VALIDATED and Cert Hostname DOES NOT VERIFY

Do I need another certificate for this in the Certificate Chain?

or

Do I need to reissue the same certificate on the Edge Transport Server but include the mail.domainname.com

Any advice is greatly appreciated.

Thanks
David
0
Comment
Question by:tenacityit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 1500 total points
ID: 40575457
You need a certificate for mail.domain.com so that your edge transport server can validate incoming emails which, of course, are addressed to that domain.  I would think the easiest way would be to add a second certificate with that name, but I'm not an expert on self-signed certificates (I always used public authorities), so others may have a different take on this.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question