Exchange 2013 SMTP wrong SSL cert

I am building an exchange 2013 server, it uses a globalsign SSL cert that seems to be working.  I have webmail and ecp working with it.  This was exported from another server then imported to this one.  The problem I am getting is, when I am testing SMTP connections it seems to use a self assigned cert that has the local server name and its not using the one from the CA.  I have tried to unbind the self assigned by using Enable-ExchangeCertificate -Services None -Thumbprint XXXXXX but this doesn't seem to do anything and it still remains bound.  Also tried to reassign the correct SSL that is bound to POP, IMAP, IIS and SMTP.  I don't know if the issue is because I exported and imported the cert (included the PK).

Any suggestions please as I am getting really frustrated with this.

I am using checktls.com website and this is what I get:

[000.369]             We can use this server
[000.369]             TLS is an option on this server
[000.370]       -->       STARTTLS
[000.492]       <--       220 2.0.0 SMTP server ready
[000.492]             STARTTLS command works on this server
[000.781]             Cipher in use: ECDHE-RSA-AES256-SHA
[000.781]             Connection converted to SSL
[000.804]             

Certificate 1 of 2 in chain:
subject= /CN=XXXXVS01
issuer= /CN=XXXXVS01                                                    

[000.827]             

Certificate 2 of 2 in chain:
subject= /CN=XXXXVS01
issuer= /CN=XXXXVS01                                                      

[000.828]             Cert NOT VALIDATED: unable to get local issuer certificate
[000.828]             this may help: What Is An Intermediate Certificate
[000.828]             So email is encrypted but the domain is not verified
[000.828]             Cert Hostname DOES NOT VERIFY (mail.domain.org.uk != XXXXVS01)
[000.829]             So email is encrypted but the host is not verified
Andrew_WhitehouseAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew_WhitehouseAuthor Commented:
I have managed to sort this out by using this command in powershell:

Set-ReceiveConnector -Identity "Default Frontend XXXXVS01" -Tlscertificatename "<I>CN=xxxxxxxx<s>CN=xxxxxx,"
MaheshArchitectCommented:
This is default certificate on receive connector with server FQDN and its self signed
U don't need to change it, also if you have multiple Exchange servers and if you change that FQDN, its likely to break server to server mailflow.

If you have single Exchange server, u can rename FQDN to match public FQDN (ensure the name you used is available as SAN entry of existing public certificate), however you need to uncheck Exchange server authentication checkbox 1st in receive connector properties

There is another process of assigning different IP to exchange server with new NIC, bind your MX public IP to this NIC and then configure new FQDN on this connector, remove exchange authentication from this new connector and make sure old connectors are still there, but I have never tried this solution
Andrew_WhitehouseAuthor Commented:
ok thanks for that, we only have the 1 exchange server, how do you rename the FQDN as when I try and do it it says:

If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server "xxxxVS01.xxxx.office", the NetBIOS name of the transport server "xxxxVS01", or $null.


Thanks
MaheshArchitectCommented:
On authentication tab of receive connector you need to uncheck Exchange server before you change the FQDN
Middle paragraph in above link saying same thing

https://technet.microsoft.com/en-us/library/jj657472(v=exchg.150).aspx
AuthMechanism

https://technet.microsoft.com/en-us/library/aa996395(v=exchg.150).aspx
Receive Connectors

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.