I have a single Exchange 2010 SP3 server with RU23 installed. All the roles are running on the one server. I have enabled TLS 1.2 and used IIS Crypto 2.0 to set best practices. A Qualys SSL Labs scan gives an A rating. However, checktls.com fails on the cert test. The Exchange server has 2 certs: the default self-signed one and a public UCC SAN cert from GoDaddy. The checktls.com test is only seeing the default cert and is failing because it does not match the public name. Here is the relevant piece of the checktls output:
Certificate 1 of 1 in chain: Cert VALIDATION ERROR(S): unable to get local issuer certificate; unable to verify the first certificate
This may help: What Is An Intermediate Certificate
So email is encrypted but the recipient domain is not verified
Cert Hostname DOES NOT VERIFY (webmail.domain.org != Exchsrvr | DNS:Exchsrvr | DNS:Exchsrvr.domain.local)
So email is encrypted but the host is not verified
The default exchange cert has SMTP service assigned and the Public Cert has IMAP,POP,IIS,SMTP services assigned.
The company that is requiring Forced TLS says email cannot go forward until this checktls cert error is resolved.
How do I resolve this issue?
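Added diagnostic for this situation, not code from the original poster. It is meant to be run in the Exchange 2010 Management Shell and relies on two things Exchange 2010 does: it only offers certificates that have the SMTP service enabled for STARTTLS, and it picks the one whose subject or SAN names match the FQDN configured on the receive connector that accepted the session. If that FQDN only appears on the self-signed cert (typically `Exchsrvr.domain.local`), remote hosts such as checktls.com see the self-signed cert even though the GoDaddy cert also has SMTP enabled. The script lists both sides of that match and also checks whether each cert's issuer is present in the machine's Intermediate CA store, which is the usual cause of "unable to get local issuer certificate". `$PublicName` is an assumed placeholder taken from the checktls output; `Test-NameCovered` is a helper written here, not an Exchange cmdlet.

```powershell
# Added diagnostic for the Exchange 2010 Management Shell (not part of the original post).
# Assumptions: the Exchange cmdlets are loaded, and $PublicName is a placeholder for the
# host name that external MTAs connect to (taken from the checktls output above).
$PublicName = 'webmail.domain.org'

# Helper (defined here, not an Exchange cmdlet): does a certificate's name list cover
# $Name? Exact match or a *.example.org wildcard covering one label.
function Test-NameCovered {
    param([string[]]$Names, [string]$Name)
    foreach ($n in $Names) {
        if ($n -eq $Name) { return $true }
        if ($n.StartsWith('*.') -and ($Name -like $n)) { return $true }
    }
    return $false
}

# Only certificates with the SMTP service enabled are candidates for STARTTLS on port 25.
$smtpCerts = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'SMTP' }

Write-Host "== Certificates enabled for SMTP =="
foreach ($cert in $smtpCerts) {
    $names = @($cert.CertificateDomains | ForEach-Object { "$_" })

    # checktls' "unable to get local issuer certificate" usually means the issuing
    # intermediate CA is missing from Cert:\LocalMachine\CA, so the server never sends it.
    if ($cert.IsSelfSigned) {
        $issuerPresent = 'n/a'
    } else {
        $issuerPresent = [bool](Get-ChildItem Cert:\LocalMachine\CA |
            Where-Object { $_.Subject -eq $cert.Issuer })
    }

    $line = '{0}  selfSigned={1}  expires={2:yyyy-MM-dd}  coversPublicName={3}  issuerInCAStore={4}' -f `
        $cert.Thumbprint, $cert.IsSelfSigned, $cert.NotAfter,
        (Test-NameCovered $names $PublicName), $issuerPresent
    Write-Host $line
    Write-Host ('    names: ' + ($names -join ', '))
}

Write-Host "== Receive connectors =="
foreach ($rc in Get-ReceiveConnector) {
    $fqdn = "$($rc.Fqdn)"

    # Exchange 2010 presents the SMTP-enabled certificate whose names match the
    # connector FQDN. A connector FQDN that only appears on the self-signed cert
    # means remote hosts see the self-signed cert, which is the checktls symptom.
    $chosen = $smtpCerts |
        Where-Object { Test-NameCovered @($_.CertificateDomains | ForEach-Object { "$_" }) $fqdn } |
        Where-Object { -not $_.IsSelfSigned } |
        Select-Object -First 1

    if ($chosen) { $tls = 'public cert ' + $chosen.Thumbprint } else { $tls = 'SELF-SIGNED OR NO MATCH' }

    # Exchange refuses to change the FQDN of a connector that still has the
    # ExchangeServer auth mechanism enabled, so flag that up front.
    $exAuth = "$($rc.AuthMechanism)" -match 'ExchangeServer'

    Write-Host ('{0}  fqdn={1}  bindings={2}  tlsCert={3}  exchangeServerAuth={4}' -f `
        $rc.Name, $fqdn, ($rc.Bindings -join ','), $tls, $exAuth)
}
```

Run it once before and once after any change. The output points at the two fixes: the receive connector that listens on the public port 25 binding needs an FQDN that is on the GoDaddy cert (`Set-ReceiveConnector -Identity '<server>\<connector>' -Fqdn webmail.domain.org`, identity being a placeholder for your own connector), and on a single-server box where the default connector still carries `ExchangeServer` authentication that change is refused, so either create a separate internet-facing receive connector with only TLS/anonymous settings or remove that mechanism from the connector that takes internet mail. Separately, if `issuerInCAStore` is `False` for the GoDaddy cert, import the GoDaddy intermediate into the computer's Intermediate Certification Authorities store so the server sends the full chain. After both, re-run the checktls.com test, or confirm locally with `openssl s_client -starttls smtp -connect webmail.domain.org:25` and check which subject the presented certificate carries.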