Exchange Edge Transport TLS Certificate
Posted on 2015-01-27
We have an Edge Transport Server sitting in the DMZ. All mail flows in and out of the organisation through this server.
When I run a test on checktls.com I get the following results:
[001.721] Cert NOT VALIDATED: unable to get local issuer certificate
[001.722] this may help: What Is An Intermediate Certificate
[001.722] So email is encrypted but the domain is not verified
[001.723] Cert Hostname DOES NOT VERIFY (mail.DOMAINNAME.com != DMZ-TLS)
[001.723] So email is encrypted but the host is not verified
[001.724] ~~> EHLO checktls.com
The certificate is self-signed. The Subject and CertificateDomains in the certificate only contain the internal FQDN and don't reference the external mail.DomainName.com.
To resolve Cert NOT VALIDATED and Cert Hostname DOES NOT VERIFY:
Do I need another certificate for this in the Certificate Chain?
Do I need to reissue the same certificate on the Edge Transport Server but include mail.domainname.com?
Any advice is greatly appreciated.
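Added example (not part of the original post): an Exchange Management Shell procedure that requests an SMTP certificate covering both the external MX name and the Edge server's own name, installs it, and then checks locally the two things checktls reports on, hostname coverage and chain validation. The hostnames, file paths and the use of a public CA are assumptions for illustration.

```powershell
# Added example: request, install and verify an Edge Transport SMTP certificate
# whose names cover the external MX host. Run in the Exchange Management Shell
# on the Edge server. Hostnames and paths below are assumed placeholders.
$externalName = 'mail.domainname.com'    # name remote servers connect to (from the checktls output)
$internalName = 'DMZ-TLS'                # Edge server's own FQDN, kept for internal TLS
$reqPath      = 'C:\certs\edge-smtp.req'
$cerPath      = 'C:\certs\edge-smtp.cer' # signed certificate returned by the CA

# 1. Generate a CSR whose Subject and SAN list both names. Having a publicly trusted
#    CA sign it (rather than using a self-signed cert) is what lets outside senders
#    validate the chain.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "CN=$externalName" `
    -DomainName $externalName, $internalName `
    -PrivateKeyExportable $true
Set-Content -Path $reqPath -Value $csr

# 2. After the CA returns the signed certificate, import it and bind it to SMTP.
#    Also install the CA's intermediate certificate in the machine's Intermediate
#    Certification Authorities store, or remote servers still see
#    "unable to get local issuer certificate" because the server never sends it.
$cert = Import-ExchangeCertificate -FileData ([byte[]](Get-Content -Path $cerPath -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP

# 3. Verify from the server's side what checktls tests from the outside:
#    the SAN list covers the external name and the chain builds to a trusted root.
$installed = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$hostOk    = $installed.CertificateDomains -contains $externalName
$chain     = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk   = $chain.Build($installed) -and -not $installed.IsSelfSigned
"Hostname covered: $hostOk"
"Chain validates:  $chainOk"
if (-not $chainOk) { $chain.ChainStatus | ForEach-Object { $_.StatusInformation } }
```

The local chain check only proves the chain builds on this machine; an external test such as checktls is still the authoritative confirmation that remote MTAs receive the intermediate and see the matching hostname.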