Exchange Edge Transport TLS Certificate

Posted on 2015-01-27
Last Modified: 2015-06-25
Hi There

We have an Edge Transport Server sitting in the DMZ. All mail flows in and out of the organisation through this server.

When I run a test on checktls.com I get the following results:

[001.721]            Cert NOT VALIDATED: unable to get local issuer certificate
[001.722]            this may help: What Is An Intermediate Certificate
[001.722]            So email is encrypted but the domain is not verified
[001.723]            Cert Hostname DOES NOT VERIFY (mail.DOMAINNAME.com != DMZ-TLS)
[001.723]            So email is encrypted but the host is not verified
[001.724]      ~~>      EHLO checktls.com

The certificate is self-signed. The Subject and CertificateDomains in the certificate contain only the internal FQDN and don't reference the external mail.DomainName.com.

To resolve Cert NOT VALIDATED and Cert Hostname DOES NOT VERIFY:

Do I need another certificate for this in the certificate chain?

or

Do I need to reissue the same certificate on the Edge Transport Server but include mail.domainname.com?

Any advice is greatly appreciated.

Thanks
David
Question by:tenacityit
Accepted Solution

by:
Hypercat (Deb) earned 1500 total points
ID: 40575457
You need a certificate for mail.domain.com so that your edge transport server can validate incoming emails which, of course, are addressed to that domain.  I would think the easiest way would be to add a second certificate with that name, but I'm not an expert on self-signed certificates (I always used public authorities), so others may have a different take on this.
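
The hostname and self-signed conditions behind the two CheckTLS findings in the question, as an added Python example that is not part of the original thread. The certificate dictionaries are constructed sample data in the shape returned by `ssl.SSLSocket.getpeercert()`, `Example Issuing CA` is a placeholder, and the chain check only flags a self-signed certificate (real validation verifies signatures up to a trusted root).

```python
# Added example (not from the thread): hostname and self-signed checks on
# certificate fields shaped like Python's ssl.SSLSocket.getpeercert() output.

def dns_names(cert):
    """Names a verifier matches against: SAN dNSName entries, else subject CN."""
    san = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return pattern == host

def diagnose(cert, expected_host):
    """Findings a verifying client would report for this certificate."""
    findings = []
    if not any(name_matches(n, expected_host) for n in dns_names(cert)):
        findings.append("hostname: %s not in %s" % (expected_host, dns_names(cert)))
    if cert.get("subject") == cert.get("issuer"):
        findings.append("chain: self-signed, no public issuer to validate against")
    return findings

# Constructed sample data modelled on the question (placeholder names).
EXTERNAL = "mail.domainname.com"
internal_cn = ((("commonName", "DMZ-TLS"),),)
current = {"subject": internal_cn, "issuer": internal_cn,
           "subjectAltName": (("DNS", "DMZ-TLS"),)}
# Option from the question: same self-signed cert reissued with the external name.
reissued = dict(current, subjectAltName=(("DNS", "DMZ-TLS"), ("DNS", EXTERNAL)))
# Hypothetical CA-issued certificate for the external name.
ca_issued = {"subject": ((("commonName", EXTERNAL),),),
             "issuer": ((("commonName", "Example Issuing CA"),),),
             "subjectAltName": (("DNS", EXTERNAL),)}

if __name__ == "__main__":
    for label, cert in (("current", current), ("reissued", reissued),
                        ("ca_issued", ca_issued)):
        print(label, diagnose(cert, EXTERNAL) or "no findings")
```

Reissuing the self-signed certificate with the external name clears only the hostname finding; the chain finding remains until the certificate is issued by an authority the verifying side trusts.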