TLS 1.2 communication with a BANK (UK based)


Hi. Small Business Server 2016 Essentials....

Quote from bank support:

Unfortunately, when we checked the TLS compatibility of your domain we noted that you currently use a self-signed certificate to support your current TLS configuration (as illustrated below). 

SSLVersion in use: TLSv1_2

Cipher in use: ECDHE-RSA-AES256-GCM-SHA384

Perfect Forward Secrecy: yes

Session Algorithm in use: Curve X25519 DHE(253 bits)

Certificate #1 of 1 (sent by MX):

Cert VALIDATION ERROR(S): unable to get local issuer certificate

This may help: What Is An Intermediate Certificate

So email is encrypted but the recipient domain is not verified

Cert Hostname DOES NOT VERIFY (mail.companydomian.co.uk != Exchsvr | DNS:Exchsvr | DNS:Exchsvr.companyname.local)

So email is encrypted but the host is not verified

Not Valid Before: Jan 12 16:12:54 2020 GMT

Not Valid After: Jan 12 16:12:54 2025 GMT

We do use Let's Encrypt / Certify the Web. I presume the bank is getting the internal info from the receive connectors. If I try to change the EHLO to mail.company.co.uk I get the error:

'If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server "Exchsvr.mydomain.local", the NetBIOS name of the transport server "Exchsvr", or $null.'

Do I need to change the settings in the security settings of the receive connector, and in doing so what will it affect?

Should I set up a new receive connector? From my reading I'm confused by the mention of putting in external IPs (senders); there could be many IPs. Also I would need to assign another IP, but my internal Exchange server has only 1 IP.

This bank (Lloyds) is the only one I have to do this for. Sending emails to Lloyds is fine; it's just when they send to my client that they get:
Remote Server returned '554 5.4.0 < #4.7.5 smtp; 454 4.7.5 [internal] verify error:num=21:unable to verify the first certificate:depth=0:/CN=Exchsvr> (Exchsvr being the Exchange 2016 server name)

Changing Banks is not an option...lol
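As an added example (not from the post and not Microsoft's own documentation), these Exchange Management Shell steps show which certificate the internet-facing port-25 receive connector is presenting and bind the public Let's Encrypt certificate to it with TlsCertificateName, which leaves the connector FQDN alone and so avoids the ExchangeServer AuthMechanism restriction quoted above. The MX host name mail.companydomain.co.uk and the connector filter are assumptions.

```powershell
# Added example, run in the Exchange Management Shell on the Exchange 2016 server.
# Assumptions: the public MX name is mail.companydomain.co.uk and the Let's Encrypt
# certificate for that name is already installed in the local machine store.
$PublicName = 'mail.companydomain.co.uk'

# 1. What the frontend connectors advertise today. With TlsCertificateName empty,
#    Exchange picks the certificate whose name matches the connector Fqdn; that is
#    the server name here, so remote MTAs are shown the self-signed CN=Exchsvr cert.
Get-ReceiveConnector | Where-Object { $_.TransportRole -eq 'FrontendTransport' } |
    Format-Table Name, Fqdn, AuthMechanism, TlsCertificateName -AutoSize

# 2. Certificates Exchange knows about, and which services each one is enabled for.
Get-ExchangeCertificate |
    Format-Table Thumbprint, Subject, CertificateDomains, Services, NotAfter -AutoSize

# 3. Pick the public certificate by the MX host name (newest if several) and make
#    sure SMTP is among its services. Exchange asks whether to overwrite the default
#    SMTP certificate; answer No so the self-signed cert stays the default for
#    server-to-server traffic, since the connector binding below is explicit anyway.
$Cert = Get-ExchangeCertificate |
    Where-Object { $_.CertificateDomains -contains $PublicName } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $Cert) { throw "No certificate for $PublicName found in the store" }
if ($Cert.Services -notmatch 'SMTP') {
    Enable-ExchangeCertificate -Thumbprint $Cert.Thumbprint -Services SMTP
}

# 4. Bind it explicitly to the frontend connector listening on port 25.
#    TlsCertificateName has the form "<I>issuer<S>subject", so the Fqdn (and the
#    ExchangeServer auth mechanism that pins Fqdn to the server name) stays as is.
$TlsName = "<I>$($Cert.Issuer)<S>$($Cert.Subject)"
Get-ReceiveConnector |
    Where-Object { $_.TransportRole -eq 'FrontendTransport' -and ($_.Bindings.Port -contains 25) } |
    Set-ReceiveConnector -TlsCertificateName $TlsName

# 5. Confirm the binding, then restart the frontend transport so it takes effect.
Get-ReceiveConnector | Where-Object { $_.TlsCertificateName } |
    Format-Table Name, Fqdn, TlsCertificateName -AutoSize
Restart-Service MSExchangeFrontEndTransport
```

The bank's check can then be repeated from outside with `openssl s_client -starttls smtp -connect mail.companydomain.co.uk:25`, which should now report a verified chain and a subject matching the MX name instead of CN=Exchsvr.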
