internet:mail:exchange:exchange_ssl

Differences

This shows you the differences between two versions of the page.

internet:mail:exchange:exchange_ssl [2020/08/25 14:43]
gcooper
internet:mail:exchange:exchange_ssl [2022/04/17 14:08] (current)
gcooper
Line 83: Line 83:
  
 :!: Change the ''mail.yourdomain.com'' part to match the name in your SSL certificate. :!: Change the ''mail.yourdomain.com'' part to match the name in your SSL certificate.
- 
-==== Get Current Configuration ==== 
- 
-<file> 
-Get-ExchangeCertificate | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,Services 
-</file> 
- 
-==== Change the Configuration ==== 
  
 Depending on the names you currently have included in your SSL certificate, you can run the following commands in the Exchange Management Shell to point the internal URL that Exchange uses to the Public Name configured in your SSL certificate: Depending on the names you currently have included in your SSL certificate, you can run the following commands in the Exchange Management Shell to point the internal URL that Exchange uses to the Public Name configured in your SSL certificate:
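Review bot: removing the "Get Current Configuration" block (the Get-ExchangeCertificate | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,Services line) leaves the URL-change commands that follow with no read-only step showing which names the installed certificate carries, although the retained text tells the reader to match mail.yourdomain.com to the name in the certificate and says the commands depend on the names included. Suggest keeping that one-liner ahead of the "Depending on the names..." paragraph, or linking to wherever it moved, so readers can confirm CertificateDomains and Services before changing the internal URLs.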
Line 171: Line 163:
 ==== Install on Exchange 2013  ==== ==== Install on Exchange 2013  ====
  
-  - In Exchange Management Shell+=== In Exchange Management Shell === 
 <file>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "E:\Cert_Location\your_cert_name.pfx" -Encoding byte -ReadCount 0))</file> <file>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "E:\Cert_Location\your_cert_name.pfx" -Encoding byte -ReadCount 0))</file>
-  - Check Cert+ 
 +=== Check Cert === 
 <file>Get-ExchangeCertificate | fl</file> <file>Get-ExchangeCertificate | fl</file>
  
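Review bot: under the new "In Exchange Management Shell" heading, the retained Import-ExchangeCertificate line reads a .pfx but passes no -Password, so it will fail for a password-protected PFX; suggest adding -Password (Read-Host "PFX password" -AsSecureString), which prompts instead of leaving the password in shell history. Turning the numbered steps into === headings also drops the explicit ordering (import first, then check), so say so in the text if the order matters, and consider narrowing "Check Cert" from | fl to the fields the reader needs, for example Thumbprint, Services and NotAfter.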
Line 189: Line 184:
   - ''Restart-Service MSExchangeImap4''   - ''Restart-Service MSExchangeImap4''
  
-==== Connectors ====+==== Receive Connector ====
  
 https://blog.cpolydorou.net/2018/03/configuring-certificate-on-exchange.html https://blog.cpolydorou.net/2018/03/configuring-certificate-on-exchange.html
  
 <file> <file>
-Get-ReceiveConnector "VA-EXCH-01\Client Frontend VA-EXCH-01" | fl+Get-ReceiveConnector 
 +Get-ReceiveConnector "VA-EXCH-01\Default Frontend VA-EXCH-01" | fl
 </file> </file>
 +
 +Set the correct SSL certificate used by the Default Frontend (SMTP on port 25) connector:
 +
 +<file>
 +Get-ExchangeCertificate
 +$cert = Get-ExchangeCertificate -Thumbprint "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
 +$cert | fl Thumbprint,Issuer,Subject
 +$tls = "<i>$($cert.Issuer)<s>$($cert.Subject)"
 +Set-ReceiveConnector "VA-EXCH-01\Default Frontend VA-EXCH-01" -TlsCertificateName $tls
 +Get-ReceiveConnector "VA-EXCH-01\Default Frontend VA-EXCH-01" | fl
 +</file>
 +
 +Test from a Linux host:
 +
 +<file>
 +openssl s_client -connect exchange.yourdomain.tld:25 -starttls smtp < /dev/null
 +</file>
 +
 +===== Microsoft Exchange Server Auth Certificate =====
 +
 +Read this entire page first: https://byronwright.blogspot.com/2018/05/expired-microsoft-exchange-server-auth.html
 +
 +==== Exchange Admin Center ====
 +
 +Renew the expired/expiring certificate in EAC:
 +
 +**EAC -> Servers -> Certificates**
 +
 +:!: You will need to **copy the thumbprint of the new MESAC** to be used in the following EMS commands.
 +
 +==== Exchange Management Shell ====
 +
 +:!: Substitute your new thumbprint.
 +
 +<file>
 +Get-AuthConfig
 +
 +$thumb = "1DB0B9BC4195B1F5EDFC4CDED5106B9F4069FFF1"
 +$date = get-date
 +
 +Set-AuthConfig -NewCertificateThumbprint $thumb -NewCertificateEffectiveDate $date
 +
 +Set-AuthConfig -PublishCertificate
 +
 +Set-AuthConfig -ClearPreviousCertificate
 +
 +iisreset
 +</file>
 +
 +:!: If it is still not working properly, you might try rebooting the server.
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
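Review bot: in the Microsoft Exchange Server Auth Certificate block, Set-AuthConfig -ClearPreviousCertificate follows -PublishCertificate with no check in between, so a wrong thumbprint in $thumb is only noticed after the previous certificate has been cleared; suggest re-running Get-AuthConfig after publishing and confirming CurrentCertificateThumbprint equals $thumb before the clear step. $thumb is set to a real-looking value while the Receive Connector block uses an X placeholder, and using the same placeholder in both would match the "Substitute your new thumbprint" note. For the Linux test, the bare openssl s_client call only shows that STARTTLS answers; piping its output to openssl x509 -noout -subject -issuer -fingerprint -sha1 would let the reader compare the served certificate (ignoring the colons) with the Thumbprint used for -TlsCertificateName.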
internet/mail/exchange/exchange_ssl.1598388215.txt.gz · Last modified: 2020/08/25 14:43 by gcooper