SSL Certificate
4 Topics

Exchange 2019 - Custom Internet Receive Connector with Different FQDN and Trusted SSL Certificate
Hello, I am running Exchange Server 2019 on Windows Server 2022, and I need to create a new "Internet" Receive Connector with an FQDN different from the Default FrontEnd Receive Connector on port 25 (which uses the Exchange server’s FQDN). However, when I test my SMTP TLS configuration using www.checktls.com, I notice that Exchange presents its self-signed certificate instead of the trusted SSL certificate I have installed.

My Goal:
- Create a custom Internet Receive Connector that uses a different FQDN (e.g., mail.mydomain.com).
- Ensure that when external senders connect via SMTP, the correct SSL certificate (issued by a trusted CA) is presented instead of the self-signed certificate.

Issues Encountered:
- The Default FrontEnd Receive Connector is tied to the Exchange server’s FQDN.
- Even after assigning my trusted certificate to the SMTP service, the self-signed certificate is still presented.

I need guidance on how to properly configure the FQDN for SMTP TLS connections and ensure my trusted SSL certificate is used. In advance thank you.

159 Views, 0 likes, 1 Comment

External email not received with NDR '550 5.4.317 Message expired, cannot connect to remote server(C
Hi all, we are having a problem with mail from one of the external domains not getting through. There is an NDR to the sender: '550 5.4.317 Message expired, cannot connect to remote server(CertificateExpired)'

I also ran some tests using checktls and it also reports:

    [001.696] Connection converted to SSL
    SSLVersion in use: TLSv1_3
    Cipher in use: TLS_AES_256_GCM_SHA384
    Perfect Forward Secrecy: yes
    Session Algorithm in use: Curve P-256 DHE(256 bits)
    Certificate #1 of 3 (sent by MX): EXPIRED
    Cert VALIDATION ERROR(S): certificate has expired
    So email is encrypted but the recipient domain is not verified
    ssl : scheme=smtp cert=94220930177 : identity=mail.domain.com cn=*.domain.com alt=2 *.domain2 domain.com
    Cert Hostname VERIFIED (mail.domain.com = *.domain.com | DNS:*.domain.com | DNS:domain.com)
    cert not revoked by OCSP
    Data:
    Version: 3 (0x2)
    Serial Number: 0e:cd:b7:0b:82:c2:46:0b::5c:0b:b4:29:5f:e2
    Validity:
    Not Before: Oct 26 00:00:00 2021 GMT
    Not After: Nov 26 23:59:59 2022 GMT

I have checked all Exchange servers and the mail security gateway; all are using the new SSL certificate. Can anyone shed some light on this matter? Thank you all

11K Views, 0 likes, 2 Comments

need some guidance with SSL and certs
Hi all, I don't know if I am in the correct forum, but my question is basically: can someone provide some links on how to install a new cert for https? The last guy here never documented anything and, truth be told, I never really worked with certs. I am building out a web-based app and it needs https to run. I need a wildcard certificate that would work for 8 sites. We have a cert authority server on prem, but never used it before. Any links on how to accomplish this? It looks like most of the certs here are self-signed. Thanks in advance P

1.8K Views, 0 likes, 3 Comments

SSL wildcard Certificate
I think I have tried everything which I have found to create a wildcard certificate for Horizon for the past several days, and nothing has worked. I get errors like "This site can’t provide a secure connection localhost uses an unsupported protocol." or "err_ssl_version_or_cipher_mismatch", all of which do not allow the interface to come up. I have even tried the following link, which has not been fruitful:

https://robbieroberts.wordpress.com/2014/04/04/creating-a-wildcard-webserver-certificate-with-your-internal-microsoft-ca/

Now I am creating the certificate in PowerShell with the script below, which works on Windows 10 but not Windows Server 2012 R2:

    # Validity period: 99 years from now
    $date_now = Get-Date
    $extended_date = $date_now.AddYears(99)

    # Create the self-signed wildcard certificate in the local machine store
    $cert = New-SelfSignedCertificate `
        -Type Custom `
        -certstorelocation cert:\localmachine\my `
        -dnsname *.domain.local `
        -KeyUsage DigitalSignature, KeyEncipherment `
        -KeySpec KeyExchange `
        -Subject "C=US, ST=IO, L=IOCity, CN=*.domain.local" `
        -NotAfter $extended_date `
        -KeyLength 4096 `
        -FriendlyName vdm

    # Export the certificate and private key to a password-protected PFX
    $pwd = ConvertTo-SecureString -String '$password' -Force -AsPlainText
    $path = 'cert:\localMachine\my\' + $cert.thumbprint
    Export-PfxCertificate -cert $path -FilePath c:\temp\ssl\teltrium-local.pfx -Password $pwd

The certificate is created and I added it to the trusted site. The only difference between this and the one applied at setup is that the Key Usage has a yellow exclamation point.

https://communities.vmware.com/servlet/JiveServlet/showImage/2-2827169-302961/pastedImage_2.png

Does anyone know what I am doing incorrectly? Is there an "IDIOTS Guide" somewhere? Any assistance is greatly appreciated. Thank you in advance.

6.3K Views, 0 likes, 0 Comments