SSL Certificate
2 Topics

Exchange 2019 - Custom Internet Receive Connector with Different FQDN and Trusted SSL Certificate
Hello, I am running Exchange Server 2019 on Windows Server 2022, and I need to create a new "Internet" Receive Connector with an FQDN different from the Default FrontEnd Receive Connector on port 25 (which uses the Exchange server's FQDN). However, when I test my SMTP TLS configuration using www.checktls.com, I notice that Exchange presents its self-signed certificate instead of the trusted SSL certificate I have installed.

My Goal:
Create a custom Internet Receive Connector that uses a different FQDN (e.g., mail.mydomain.com).
Ensure that when external senders connect via SMTP, the correct SSL certificate (issued by a trusted CA) is presented instead of the self-signed certificate.

Issues Encountered:
The Default FrontEnd Receive Connector is tied to the Exchange server's FQDN.
Even after assigning my trusted certificate to the SMTP service, the self-signed certificate is still presented.

I need guidance on how to properly configure the FQDN for SMTP TLS connections and ensure my trusted SSL certificate is used. Thank you in advance.

170 Views, 0 likes, 1 Comment

External email not received with NDR '550 5.4.317 Message expired, cannot connect to remote server(C
Hi all, we are having a problem with email from one of the external domains not getting through. There is an NDR to the sender: '550 5.4.317 Message expired, cannot connect to remote server(CertificateExpired)'. I also ran some tests using checktls and it also reports:

[001.696] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve P-256 DHE(256 bits)
Certificate #1 of 3 (sent by MX): EXPIRED
Cert VALIDATION ERROR(S): certificate has expired
So email is encrypted but the recipient domain is not verified
ssl : scheme=smtp cert=94220930177 : identity=mail.domain.com cn=*.domain.com alt=2 *.domain2 domain.com
Cert Hostname VERIFIED (mail.domain.com = *.domain.com | DNS:*.domain.com | DNS:domain.com)
cert not revoked by OCSP
Data:
Version: 3 (0x2)
Serial Number: 0e:cd:b7:0b:82:c2:46:0b::5c:0b:b4:29:5f:e2
Validity:
Not Before: Oct 26 00:00:00 2021 GMT
Not After: Nov 26 23:59:59 2022 GMT

I have checked all Exchange servers and the mail security gateway; all are using the new SSL certificate. Can anyone shed some light on this matter? Thank you all.

11K Views, 0 likes, 2 Comments