Exchange Server Forums
Import and enable a Certificate
Import and enable a Certificate - 16.Jul.2008 6:35:42 AM
zRan
Posts: 3
Joined: 16.Jul.2008
Status: offline

Hi All,

I've set up a new Exchange 2007 (32-bit) environment and successfully set up everything to send and receive basic email. I have a certificate which was exported to a PFX file that includes the private key (this was from Exchange 2003 - the certificate enables me to send encrypted email to a particular host, SecureDomain.net (example)).

I used the following commands to import the certificate to Exchange 2007:

- Import-ExchangeCertificate -Path c:\export.pfx -Password:(Get-Credential).password
- Enable-ExchangeCertificate -Services SMTP
- Set-TransportConfig -TLSReceiveDomainSecureList SecureDomain.net

I created a "send" connector and enabled Domain Security "Mutual Auth TLS" under the Network tab; the address space has my domain *.Securedomain.net. So in essence, I want ALL email that ends with securedomain.net to use the certificate and encrypt all outbound email. However, when I send a test email, I get the bounce message "550 Remote host must supply its certificate" - which tells me the certificate is not being used. I can confirm the certificate also expires in 2011.

I had no problems setting this up in Exchange 2003, but I'm not sure how to associate the certificate with that particular connector. Any tips or advice will be appreciated. Thank you in advance!

RE: Import and enable a Certificate - 16.Jul.2008 8:00:13 AM
Sembee
Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline

I would be curious to know how you had this working on Exchange 2003. As far as I am aware, with TLS the certificate is supplied by the recipient, not the sender, and Exchange is unable to use a certificate when sending email.

You are also aware that the 32-bit version is not intended for production use, only for evaluation. There is no support for the 32-bit version.

Simon.
_____________________________
Simon Butler, Exchange MVP Blog: http://blog.sembee.co.uk/ Web: http://www.amset.info/ In the UK? Hire me: http://www.sembee.co.uk/ Exchange Resources: http://exbpa.com/
RE: Import and enable a Certificate - 16.Jul.2008 8:09:39 AM
zRan
Posts: 3
Joined: 16.Jul.2008
Status: offline

Hi,

In 2003 the initial steps were:

- created a Certificate Signing Request (CSR) and sent it off to the host, who created the certificate from my CSR (they sent me a .p7b cert)
- I installed the certificate they sent me and created a connector with TLS enabled.

This worked fine. I now exported the certificate to a PFX file with the private key and want to use it on Exchange 2007 for the same type of communication.

P.S. I'm just using the 32-bit version for testing and evaluation. Any other suggestions or advice for me to try is appreciated.

RE: Import and enable a Certificate - 16.Jul.2008 1:22:29 PM
Sembee
Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline

The connector in Exchange 2003 you created would not be using the certificate that you had installed. With TLS enabled, the SMTP connector is simply looking for the remote site to offer a certificate and then the connection is secured. It works in the same way as when you are visiting a secure web site: you don't present a certificate to the site, they give you a certificate that is secured by the browser.

The certificate that you installed would only be used by incoming traffic if you set your SMTP virtual server to use TLS.

Simon.
_____________________________
Simon Butler, Exchange MVP Blog: http://blog.sembee.co.uk/ Web: http://www.amset.info/ In the UK? Hire me: http://www.sembee.co.uk/ Exchange Resources: http://exbpa.com/
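
An added example, not part of the original thread and not either poster's code: a read-only Exchange Management Shell check of the settings the thread's commands touch, plus the outbound counterparts (TLSSendDomainSecureList on the transport configuration and DomainSecureEnabled on the Send connector) that Domain Security uses when sending. The connector name is a hypothetical placeholder; the domain is the thread's example value.

```powershell
# Added example: read-only audit of Exchange 2007 Domain Security settings.
# Run in the Exchange Management Shell; nothing here changes configuration.
$Domain        = 'SecureDomain.net'   # example domain used in the thread
$ConnectorName = 'To SecureDomain'    # hypothetical Send connector name (assumption)
$findings      = @()

# 1. A certificate enabled for SMTP must hold its private key and be unexpired.
$smtpCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'SMTP' })
if ($smtpCerts.Count -eq 0) { $findings += 'No certificate is enabled for the SMTP service.' }
foreach ($c in $smtpCerts) {
    if (-not $c.HasPrivateKey)      { $findings += "Cert $($c.Thumbprint): private key missing." }
    if ($c.NotAfter -lt (Get-Date)) { $findings += "Cert $($c.Thumbprint): expired $($c.NotAfter)." }
}

# 2. The send and receive domain-secure lists are separate settings.
#    The thread's Set-TransportConfig command populated only the receive list.
$tc = Get-TransportConfig
if (-not ($tc.TLSSendDomainSecureList | Where-Object { "$_" -eq $Domain })) {
    $findings += "$Domain is not in TLSSendDomainSecureList (outbound)."
}
if (-not ($tc.TLSReceiveDomainSecureList | Where-Object { "$_" -eq $Domain })) {
    $findings += "$Domain is not in TLSReceiveDomainSecureList (inbound)."
}

# 3. The Send connector that covers the domain must have Domain Security enabled.
$sc = Get-SendConnector -Identity $ConnectorName -ErrorAction SilentlyContinue
if (-not $sc) {
    $findings += "Send connector '$ConnectorName' not found."
} else {
    if (-not $sc.DomainSecureEnabled) { $findings += 'DomainSecureEnabled is False on the connector.' }
    if (-not $sc.DNSRoutingEnabled)   { $findings += 'Connector uses a smart host instead of DNS routing; review.' }
    # Exact-match comparison of the connector FQDN against the certificate's
    # domains; a wildcard certificate will need a manual look.
    $fqdn = "$($sc.Fqdn)"
    $match = $smtpCerts | Where-Object {
        ($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn
    }
    if ($fqdn -and -not $match) {
        $findings += "No SMTP certificate lists the connector FQDN '$fqdn'."
    }
    $sc | Format-List Name, AddressSpaces, Fqdn, DomainSecureEnabled, DNSRoutingEnabled
}

# Report
if ($findings.Count -eq 0) { 'No issues found by this check.' } else { $findings }
```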