Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Cannot enable SMTP Certificate?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Secure Messaging >> Cannot enable SMTP Certificate? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
Cannot enable SMTP Certificate? - 22.Aug.2008 4:12:59 PM   
imran_mcse

 

Posts: 38
Joined: 11.Jan.2004
From: Dubai Internet City
Status: offline 		I am trying very hard to attach a newly certificate to all the services. It is successful for all services but failing for SMTP service and due to that nobody is able to send outside messages. The below is error message:
Enable-ExchangeCertificate -thumbprint
457C73971138BDD3EC2BDDCD69FA21C4FFDC6826 -services "SMTP"
WARNING: This certificate will not be used for external TLS connections with an
FQDN of 'exchange' because the CA-signed certificate with thumbprint
'1344291D08C11B770896BAB88F3AF6D38748FEDC' takes precedence. The following
connectors match that FQDN: Default EXCHANGE, Client EXCHANGE.

What can be the cause please help me to solve the issue.
Post #: 1
RE: Cannot enable SMTP Certificate? - 22.Aug.2008 5:38:41 PM   
Elan Shudnow

 

Posts: 544
Joined: 4.Jan.2007
From: Chicago, IL
Status: online 		Looks like you're trying to enable a self-signed certificate for TLS when you already have a certificate installed that was either signed by a 3rd party Certificate Authority or an internal CA.  Part of the TLS certificate selection process looks at the certificates that are installed on Exchange.  If it sees a self-signed certificate and a PKI certificate, the PKI certificate is chosen.  Because of this, it wouldn't make sense to enable a self-signed certificate for SMTP when you already have a PKI certificate doing SMTP due to the preference given to a PKI certificate.

If you absolutely want the self-signed certificate to do SMTP, you'd have to set the services for the PKI to $null and re-set the services on the PKI to not include SMTP.  Then on your self-signed certificate, you would enable SMTP.

_____________________________

Elan Shudnow
http://www.shudnow.net

(in reply to imran_mcse)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Secure Messaging >> Cannot enable SMTP Certificate? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts