I have an issue that I am not sure where to begin to fix. We have an SSL cert for our Exchange 2010 server that is used for IIS, SMTP, POP and IMAP.
We have several Ubuntu servers that connect to the Exchange server via TLS. Starting today, our Linux admin says that the cert is not being presented when connecting to port 25, but it is when connecting to port 443.
I am not sure where to look for this. My understanding was, as long as the SSL cert is installed and assigned to services, it will present the cert.
The command our Linux admin is using is:
echo | openssl s_client -ssl3 -msg -state -connect name of exchange server:25
echo | openssl s_client -ssl3 -msg -state -connect name of exchange server:443
When using port 25, a message comes up that says:
SSL3 alert write:fatal:handshake failure
SSL_connect:error in SSLv3 read server hello A
140027732485792:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 5 bytes and written 7 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Protocol : SSLv3
Cipher : 0000
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1446577982
Timeout : 7200 (sec)
Verify return code: 0 (ok)
When using 443, it shows the certificate, the issuer and the SSL-Session.
I am not familiar with these Linux commands, so I am not 100% sure what it's doing. The Linux admin said it was working yesterday, but I can't verify that.
I'm not sure how to tell Exchange to present the certificate on port 25. I've always assumed that was a given.
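Added example, not part of the original post: SMTP on port 25 normally starts in plaintext and only negotiates TLS after a STARTTLS command, so a certificate check on that port has to go through that step. The Python sketch below shows how a TLS client misreads an SMTP greeting and how to fetch the certificate after STARTTLS; the function names are hypothetical and the sample bytes are constructed, not captured from the server in the post.

```python
import smtplib
import ssl
import struct


def explain_first_bytes(data: bytes) -> str:
    """Interpret the first 5 bytes a server sends the way a TLS client would."""
    if len(data) < 5:
        return "short read"
    # TLS record header: content type (1), version major/minor (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if 20 <= ctype <= 23 and major == 3:
        return f"TLS record (type {ctype}, version {major}.{minor}, {length} bytes)"
    # SMTP replies start with a 3-digit code followed by a space or a hyphen.
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return (f"plaintext SMTP reply {data[:3].decode()}: TLS starts only after "
                f"STARTTLS; read as a TLS header this is version {major}.{minor}")
    return "neither a TLS record nor an SMTP reply"


def smtp_starttls_cert(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Return the certificate an SMTP server presents after STARTTLS.

    Raises RuntimeError if STARTTLS is not advertised, and an ssl.SSLError
    if the handshake or certificate validation fails.
    """
    ctx = ssl.create_default_context()  # validates chain and host name
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not advertise STARTTLS in its EHLO reply")
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()


if __name__ == "__main__":
    # Constructed samples: the start of an SMTP greeting and an SSLv3 record header.
    print(explain_first_bytes(b"220 m"))
    print(explain_first_bytes(bytes([22, 3, 0, 0, 74])))
    # Network check (host name is a placeholder):
    # print(smtp_starttls_cert("mail.example.com"))
```

The equivalent check from the Ubuntu side is `openssl s_client -starttls smtp -connect <host>:25`.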