Webmail has been working fine for years until this week. Now internal webmail works without a problem, but external webmail is giving an incorrect cert, and the cert that is incorrect is from a Vigor router (DrayTek).
We do use a DrayTek router in the office, just as a Wi-Fi point.
How can Exchange suddenly start to use a cert from the router, and how do I fix it, please? The correct cert is still in place, is in date and hasn't been changed in any way.
Microsoft Office, Exchange
Last Comment
dances1960
8/22/2022 - Mon
FOX
Have you checked the settings on the firewall?
Rodney Barnhardt
It may not see the router as a legit connection. For example, I have seen errors on both my OWA and Outlook Anywhere when my ISP is having a problem. I have also seen it at hotels where you register on their network for Internet access and it’s only valid for 24 hours. The error comes up until you reauthenticate. The following is provided by MS to test connections. You could try it and maybe get more answers.
If it is working from inside it is an issue with firewall.
Please revert the changes you did if any.
Thanks
MAS
David Favor
Start at the beginning. Either publish the URL you're connecting to so it can be checked, or check the URL yourself.
Use SSL Labs Tester to check Cert correctness, if same cert is used for a Website.
Then attempt connecting to your mail server using the openssl client.
This will tell you if external SSL cert + config are correct.
Your internal webmail likely works because your setup bypasses SSL for local connections... so if your SSL cert has expired or somehow your SSL config has become munged, this is the likely explanation.
Tip: Keep in mind some clients (browsers + mail) have recently banned the use of TLSv1.0 + TLSv1.1 only allowing support of TLSv1.2 + TLSv1.3 protocol versions.
If your client requires TLSv1.2 + TLSv1.3 + your mail server is advertising TLSv1.0 + TLSv1.1 then this may be the problem.
This is very common, as these new requirements have only started going into force July 2018, so very recent requirement change.
If all this makes your head spin, might be useful to hire someone to help you fix this.
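An added example, not part of the original thread or of any poster's answer: one way to do the "connect and look at the cert" check from the answer above in Python instead of the openssl client. It reads the certificate each address actually serves for the webmail hostname and compares its SHA-256 fingerprint with the one on the Exchange server. The function names are hypothetical; the arguments (hostname, expected fingerprint, then the internal and public IP addresses) are values you supply.

```python
import hashlib
import socket
import ssl
import sys


def fetch_leaf_der(ip, server_name, port=443, timeout=5.0):
    """Return the DER certificate served at ip:port when asked for server_name (SNI)."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: we want to read a wrong certificate, not reject it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)


def sha256_fingerprint(der):
    return hashlib.sha256(der).hexdigest().upper()


def normalize(fp):
    """Accept 'AA:BB:..', 'aa bb ..' or openssl's 'sha256 Fingerprint=AA:BB:..'."""
    return "".join(c for c in fp.split("=")[-1] if c in "0123456789abcdefABCDEF").upper()


def compare(expected_fp, served):
    """served maps an address label to DER bytes, or None when nothing answered."""
    want = normalize(expected_fp)
    verdicts = {}
    for label, der in served.items():
        if der is None:
            verdicts[label] = "unreachable"
        elif sha256_fingerprint(der) == want:
            verdicts[label] = "match"
        else:
            verdicts[label] = "MISMATCH " + sha256_fingerprint(der)
    return verdicts


if __name__ == "__main__":
    host, expected, ips = sys.argv[1], sys.argv[2], sys.argv[3:]
    served = {}
    for ip in ips:
        try:
            served[ip] = fetch_leaf_der(ip, host)
        except OSError:  # covers refused, timed-out and failed TLS handshakes
            served[ip] = None
    print("\n".join(f"{ip} {v}" for ip, v in compare(expected, served).items()))
```

Run it from outside the office network so the public address is reached the way external users reach it. A match on the internal address with a mismatch on the public one means something other than the Exchange server is answering on that public IP.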
dances1960
ASKER
Hi, thank you all for your help. It ended when I found out that the ISP had given someone else our static IP address in error. All is now working as normal.
Wish I had checked that first, embarrassing.