internet:mail:exchange:exchange_ssl

Differences

This shows you the differences between two versions of the page.

internet:mail:exchange:exchange_ssl [2020/06/05 11:05]
gcooper
internet:mail:exchange:exchange_ssl [2022/04/17 14:08] (current)
gcooper
Line 81: Line 81:
  
 FIXME Needs verification! Not valid for Exchange 2013. FIXME Needs verification! Not valid for Exchange 2013.
- 
-See also **[[va:va_exchange_hosting|CloudPanel Exchange Hosting Panel]]** 
  
 :!: Change the ''mail.yourdomain.com'' part to match the name in your SSL certificate. :!: Change the ''mail.yourdomain.com'' part to match the name in your SSL certificate.
Line 165: Line 163:
 ==== Install on Exchange 2013  ==== ==== Install on Exchange 2013  ====
  
-  - In Exchange Management Shell+=== In Exchange Management Shell === 
 <file>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "E:\Cert_Location\your_cert_name.pfx" -Encoding byte -ReadCount 0))</file> <file>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "E:\Cert_Location\your_cert_name.pfx" -Encoding byte -ReadCount 0))</file>
-  - Check Cert+ 
 +=== Check Cert === 
 <file>Get-ExchangeCertificate | fl</file> <file>Get-ExchangeCertificate | fl</file>
  
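Review bot: The Import-ExchangeCertificate line under the new "In Exchange Management Shell" heading reads a .pfx with -FileData but passes no -Password, and a .pfx that carries the private key is normally password protected. Suggest adding -Password with a SecureString entered at the prompt (for example via Read-Host -AsSecureString) so the password never lands in the wiki or in shell history, plus a reminder to remove the .pfx from E:\Cert_Location once the import has been checked.
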
Line 183: Line 184:
   - ''Restart-Service MSExchangeImap4''   - ''Restart-Service MSExchangeImap4''
  
-==== Connectors ====+==== Receive Connector ====
  
 https://blog.cpolydorou.net/2018/03/configuring-certificate-on-exchange.html https://blog.cpolydorou.net/2018/03/configuring-certificate-on-exchange.html
  
 <file> <file>
-Get-ReceiveConnector "VA-EXCH-01\Client Frontend VA-EXCH-01" | fl+Get-ReceiveConnector 
 +Get-ReceiveConnector "VA-EXCH-01\Default Frontend VA-EXCH-01" | fl
 </file> </file>
 +
 +Set the correct SSL certificate used by the Default Frontend (SMTP on port 25) connector:
 +
 +<file>
 +Get-ExchangeCertificate
 +$cert = Get-ExchangeCertificate -Thumbprint "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
 +$cert | fl Thumbprint,Issuer,Subject
 +$tls = "<i>$($cert.Issuer)<s>$($cert.Subject)"
 +Set-ReceiveConnector "VA-EXCH-01\Default Frontend VA-EXCH-01" -TlsCertificateName $tls
 +Get-ReceiveConnector "VA-EXCH-01\Default Frontend VA-EXCH-01" | fl
 +</file>
 +
 +Test from a Linux host:
 +
 +<file>
 +openssl s_client -connect exchange.yourdomain.tld:25 -starttls smtp < /dev/null
 +</file>
 +
 +===== Microsoft Exchange Server Auth Certificate =====
 +
 +Read this entire page first: https://byronwright.blogspot.com/2018/05/expired-microsoft-exchange-server-auth.html
 +
 +==== Exchange Admin Center ====
 +
 +Renew the expired/expiring certificate in EAC:
 +
 +**EAC -> Servers -> Certificates**
 +
 +:!: You will need to **copy the thumbprint of the new MESAC** to be used in the following EMS commands.
 +
 +==== Exchange Management Shell ====
 +
 +:!: Substitute your new thumbprint.
 +
 +<file>
 +Get-AuthConfig
 +
 +$thumb = "1DB0B9BC4195B1F5EDFC4CDED5106B9F4069FFF1"
 +$date = get-date
 +
 +Set-AuthConfig -NewCertificateThumbprint $thumb -NewCertificateEffectiveDate $date
 +
 +Set-AuthConfig -PublishCertificate
 +
 +Set-AuthConfig -ClearPreviousCertificate
 +
 +iisreset
 +</file>
 +
 +:!: If it is still not working properly, you might try rebooting the server.
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
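
Review bot: In the new Exchange Management Shell block, $date = get-date makes the new auth certificate effective immediately and Set-AuthConfig -ClearPreviousCertificate then drops the old one straight away, which fits a certificate that has already expired, while the EAC step above it says "expired/expiring". Suggest stating that the block is written for the expired case, or saying what to change when the old certificate is still valid. The same block hard-codes a real-looking 40-character value in $thumb, whereas the Receive Connector block uses an X placeholder; a placeholder in both would match the "Substitute your new thumbprint" note. In the Receive Connector block only the Default Frontend connector gets -TlsCertificateName now that the Client Frontend lookup has been replaced, so it is worth saying whether the Client Frontend connector needs the same setting.
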
internet/mail/exchange/exchange_ssl.1591376747.txt.gz · Last modified: 2020/06/05 11:05 by gcooper