Differences

This shows you the differences between two versions of the page.

--- internet:mail:exchange:exchange_ssl [2017/12/20 07:53]
gcooper
+++ internet:mail:exchange:exchange_ssl [2022/04/17 14:08] (current)
gcooper
@@ Line 1: / Line 1: @@
 ====== Exchange Server SSL Certificates ======
+See also: **http://www.mustbegeek.com/configure-url-redirection-in-exchange-2013/**
 See also: **[[internet:security:ssl_cert_windows|Windows SSL Certificates]]**
@@ Line 61: / Line 63: @@
 Once the above steps are completed, go through the following virtual directories.
-In the HTTP Redirect section, remove the following check mark Redirect requests to this destination and Apply the changes.
+In the HTTP Redirect section, remove the following check mark ''Redirect requests to this destination'' and Apply the changes.
   * aspnet_client
@@ Line 79: / Line 81: @@
 FIXME Needs verification! Not valid for Exchange 2013.
-See also **[[va:va_exchange_hosting|CloudPanel Exchange Hosting Panel]]**
 :!: Change the ''mail.yourdomain.com'' part to match the name in your SSL certificate.
@@ Line 132: / Line 132: @@
 <file>
-Get-ExchangeCertificate | FL
+Get-ExchangeCertificate | fl
 Test-WebServicesConnectivity | fl
@@ Line 163: / Line 163: @@
 ==== Install on Exchange 2013  ====
-  - In Exchange Management Shell
+=== In Exchange Management Shell ===
 <file>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "E:\Cert_Location\your_cert_name.pfx" -Encoding byte -ReadCount 0))</file>
-  - Check Cert
+=== Check Cert ===
 <file>Get-ExchangeCertificate | fl</file>
@@ Line 181: / Line 184: @@
   - ''Restart-Service MSExchangeImap4''
+==== Receive Connector ====
+https://blog.cpolydorou.net/2018/03/configuring-certificate-on-exchange.html
+<file>
+Get-ReceiveConnector
+Get-ReceiveConnector "VA-EXCH-01\Default Frontend VA-EXCH-01" | fl
+</file>
+Set the correct SSL certificate used by the Default Frontend (SMTP on port 25) connector:
+<file>
+Get-ExchangeCertificate
+$cert = Get-ExchangeCertificate -Thumbprint "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+$cert | fl Thumbprint,Issuer,Subject
+$tls = "<i>$($cert.Issuer)<s>$($cert.Subject)"
+Set-ReceiveConnector "VA-EXCH-01\Default Frontend VA-EXCH-01" -TlsCertificateName $tls
+Get-ReceiveConnector "VA-EXCH-01\Default Frontend VA-EXCH-01" | fl
+</file>
+Test from a Linux host:
+<file>
+openssl s_client -connect exchange.yourdomain.tld:25 -starttls smtp < /dev/null
+</file>
+===== Microsoft Exchange Server Auth Certificate =====
+Read this entire page first: https://byronwright.blogspot.com/2018/05/expired-microsoft-exchange-server-auth.html
+==== Exchange Admin Center ====
+Renew the expired/expiring certificate in EAC:
+**EAC -> Servers -> Certificates**
+:!: You will need to **copy the thumbprint of the new MESAC** to be used in the following EMS commands.
+==== Exchange Management Shell ====
+:!: Substitute your new thumbprint.
+<file>
+Get-AuthConfig
+$thumb = "1DB0B9BC4195B1F5EDFC4CDED5106B9F4069FFF1"
+$date = get-date
+Set-AuthConfig -NewCertificateThumbprint $thumb -NewCertificateEffectiveDate $date
+Set-AuthConfig -PublishCertificate
+Set-AuthConfig -ClearPreviousCertificate
+iisreset
+</file>
+:!: If it is still not working properly, you might try rebooting the server.
+===== Troubleshooting =====
+Do **not** delete the last self-signed cert.
+Delete all unused **commercial** certs to avoid confusion as to which cert is being applied where.
+List all certs and their details:
+<file>
+get-exchangecertificate | fl cert*,services,thumb*,subject
+</file>
+<file>
+Import-ExchangeCertificate -Server $ServerName -FileName $CertificateImport
+Enable-ExchangeCertificate -Thumbprint $certPrint.Thumbprint -Services POP,IMAP,IIS,SMTP -Confirm
+</file>
+<file>
+Enable-ExchangeCertificate -Server '<your-server-name>' -Services 'IMAP, POP, IIS, SMTP' -Thumbprint '<your thumbprint>'
+</file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools