Import and enable a Certificate

Import and enable a Certificate - 16.Jul.2008 6:35:42 AM   
zRan

 

Hi All,

I've set up a new Exchange 2007 (32-bit) environment and successfully set up everything to send and receive basic email.

I have a certificate which was exported to a PFX file that includes the private key (this was from Exchange 2003 - the certificate enables me to send encrypted email to a particular host, SecureDomain.net (example)).

I used the following commands to import the certificate to Exchange 2007:

  • Import-ExchangeCertificate -Path c:\export.pfx -Password:(Get-Credential).password

  • Enable-ExchangeCertificate -Services SMTP

  • Set-TransportConfig -TLSReceiveDomainSecureList SecureDomain.net

I created a "send" connector and enabled Domain Security "Mutual Auth TLS" under the network tab; the address space has my domain *.Securedomain.net

So in essence, I want ALL email that ends with securedomain.net to use the certificate and encrypt all outbound email.

However when I send a test email, I get the bounce message "550 Remote host must supply its certificate" - which tells me the certificate is not being used.  I can confirm the certificate also expires in 2011.

I had no problems setting this up in Exchange 2003, but I'm not sure how to associate the certificate with that particular connector?

Any tips or advice will be appreciated.

Thank you in advance!
Post #: 1
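
A read-only check of the settings the post above describes, for the Exchange Management Shell. This is an added example, not part of the original thread; it also reads TLSSendDomainSecureList, the outbound counterpart of the TLSReceiveDomainSecureList setting used in the post, and it assumes the address space is compared with its leading `*.` removed.

```powershell
# Added example: run in the Exchange Management Shell on the transport server.
# Read-only: every cmdlet used is a Get-*; no setting is changed.
$now = Get-Date

# 1. Certificates enabled for the SMTP service and not yet expired.
$smtpCerts = @(Get-ExchangeCertificate | Where-Object {
    ("$($_.Services)" -match 'SMTP') -and ($_.NotAfter -gt $now)
})
if ($smtpCerts.Count -eq 0) {
    "No unexpired certificate is enabled for SMTP."
} else {
    $smtpCerts | Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Services
}

# 2. Domain Security lists. The Send list applies to outbound mail,
#    the Receive list to inbound mail.
$cfg = Get-TransportConfig
$sendList = @($cfg.TLSSendDomainSecureList    | ForEach-Object { "$_".ToLower() })
$recvList = @($cfg.TLSReceiveDomainSecureList | ForEach-Object { "$_".ToLower() })
"TLSSendDomainSecureList   : $sendList"
"TLSReceiveDomainSecureList: $recvList"

# 3. Send connectors with Domain Security (mutual TLS) enabled, and whether
#    each address space is covered by the Send list.
$secure = @(Get-SendConnector | Where-Object { $_.DomainSecureEnabled })
if ($secure.Count -eq 0) { "No send connector has DomainSecureEnabled set." }
foreach ($c in $secure) {
    "Connector '$($c.Name)': Fqdn=$($c.Fqdn) DNSRoutingEnabled=$($c.DNSRoutingEnabled)"
    foreach ($space in $c.AddressSpaces) {
        # Assumption: compare on the bare domain, so '*.example.net' is
        # checked as 'example.net'.
        $domain = ("$($space.Address)" -replace '^\*\.', '').ToLower()
        if ($sendList -contains $domain) { $state = 'listed' } else { $state = 'NOT listed' }
        "  address space $($space.Address): $state in TLSSendDomainSecureList"
    }
}
```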
RE: Import and enable a Certificate - 16.Jul.2008 8:00:13 AM   
Sembee

 

I would be curious to know how you had this working on Exchange 2003; as far as I am aware, with TLS the certificate is supplied by the recipient, not the sender, and Exchange is unable to use a certificate when sending email.

You are also aware that the 32 bit version is not intended for production use, only for evaluation. There is no support for the 32 bit version.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to zRan)
Post #: 2
RE: Import and enable a Certificate - 16.Jul.2008 8:09:39 AM   
zRan

 

Hi..

In 2003 the initial steps were
- created a Certificate Signing Request (CSR) and sent it off to the host who created the certificate from my CSR (they sent me a .p7b cert)
- I installed the certificate they sent me and created a connector with TLS enabled.

This worked fine...

I now exported the certificate to a PFX file with the private key and want to use it on exchange 2007 for the same type of communication.

P.S. I'm just using the 32-bit version for testing and evaluation.

Any other suggestions or advice for me to try is appreciated.......

(in reply to Sembee)
Post #: 3
RE: Import and enable a Certificate - 16.Jul.2008 1:22:29 PM   
Sembee

 

The Connector in Exchange 2003 you created would not be using the certificate that you had installed.

With TLS enabled, the SMTP connector is simply looking for the remote site to offer a certificate and then the connection is secured. Works in the same way as when you are visiting a secure web site. You don't present a certificate to the site, they give you a certificate that is secured by the browser.

The certificate that you installed would only be used by incoming traffic if you set your SMTP virtual server to use TLS.

Simon.


(in reply to zRan)
Post #: 4
