How to determine what SSL Certificate is used between On-Prem and Exchange Online

Hi,

After renewing our SSL Certificate for SMTP this week on our On-Prem Exchange 2019 server, I was reviewing our Send Connector configuration to Exchange Online and no SSL Certificate was defined under the TLSCertificateName attribute. However, the Receive Connector in Exchange Online is configured to only allow mail items signed with TLS with Subject containing our domain. Mail flow is working fine but I am intrigued to find out what certificate is being used if not our CA Certificate.

I should say that the server is not configured for Hybrid.

Any pointers much appreciated.

Thanks in advance.

1 Reply

Hi @Fwaggle

#Inbound Connector in Exchange Online

Get-InboundConnector -Identity "Inbound from b96bdae2-5722-45d3-b38c-8dca846c63ba" | fl Name, *TLS*,Restrict*

Name : Inbound from b96bdae2-5722-45d3-b38c-8dca846c63ba
RequireTls : True
TlsSenderCertificateName : *.icewolf.ch
RestrictDomainsToIPAddresses : False
RestrictDomainsToCertificate : False

#Send Connector on Exchange Server

Get-SendConnector -Identity "Outbound to Office 365 - 138c6133-e050-4107-9421-d1e9abf64b49" | fl name,fqdn,TLS*

Name : Outbound to Office 365 - 138c6133-e050-4107-9421-d1e9abf64b49
Fqdn : mail.icewolf.ch
TlsDomain : mail.protection.outlook.com
TlsAuthLevel : DomainValidation
TlsCertificateName : <I>CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/,
O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US<S>CN=mail.icewolf.ch

If no TLSCertificateName is set on the Send connector, it could be the default SMTP certificate.

https://dirteam.com/bas/2020/06/24/field-notes-what-is-the-current-default-smtp-certificate-for-your...

Regards

Andres
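
One way to carry out the check suggested in the reply above, as an added example that is not part of the original thread: it lists the server's default SMTP certificate next to every valid SMTP-enabled certificate, then reads the Send protocol log to see which one was actually presented. `$ConnectorName` is a placeholder, the wildcard comparison is deliberately loose, and the log message strings it searches for are an assumption about the SmtpSend log format (they only appear with verbose protocol logging enabled on the connector).

```powershell
# Added example. Run in the Exchange Management Shell on the on-premises server.
# $ConnectorName is a placeholder: substitute the name of your own Send connector.
$ConnectorName = '<your Send connector name>'
$connector = Get-SendConnector -Identity $ConnectorName
$server    = Get-TransportService -Identity $env:COMPUTERNAME

# 1. What the connector pins. An empty TlsCertificateName means nothing is pinned
#    and the transport service selects a certificate itself.
$connector | Format-List Name, Fqdn, TlsCertificateName, ProtocolLoggingLevel

# 2. Thumbprint of the server's default SMTP certificate.
$defaultThumb = $server.InternalTransportCertificateThumbprint

# 3. Every unexpired, SMTP-enabled certificate, flagged when it is the default
#    or when one of its names covers the connector's FQDN.
#    -like is a loose test: '*.example.com' also matches 'a.b.example.com'.
$fqdn = [string]$connector.Fqdn
Get-ExchangeCertificate -Server $env:COMPUTERNAME |
    Where-Object { $_.Services -match 'SMTP' -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object {
        $domains = @($_.CertificateDomains | ForEach-Object { [string]$_ })
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            NotAfter   = $_.NotAfter
            IsDefault  = ($_.Thumbprint -eq $defaultThumb)
            CoversFqdn = [bool]($fqdn -and ($domains | Where-Object { $fqdn -like $_ }))
        }
    } | Format-Table -AutoSize

# 4. What was really sent on the wire, taken from the newest SmtpSend log.
#    Assumption: the log records 'Sending certificate' followed by
#    'Certificate subject' and 'Certificate thumbprint' entries.
#    The remote side's certificate is logged with the same field names,
#    so read each thumbprint in the context of the line before it.
$logDir = [string]$server.SendProtocolLogPath
Get-ChildItem -Path $logDir -Filter *.log |
    Sort-Object LastWriteTime |
    Select-Object -Last 1 |
    Select-String -Pattern 'Sending certificate|Certificate subject|Certificate thumbprint' |
    Select-Object -Last 12 -ExpandProperty Line
```

If step 4 returns nothing, set `ProtocolLoggingLevel` to `Verbose` on the Send connector, send a test message, and run it again. A thumbprint in the log that matches the renewed certificate in step 3 confirms which certificate Exchange Online is validating against its `TlsSenderCertificateName` setting.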