Hub Transport TLS certificates
GrayhenTor
Member Posts: 43 ■■□□□□□□□□
Trying to find out some more info about TLS certificate expiry on Exchange 2007 HT server...
When they pass expiry date you get event 12016:
"There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN ... The continued use of that FQDN will cause mail flow problems"
The HT server continues to route emails after this though (for at least two weeks, which is how long it took me to get around to renewing the cert).
So...
- Does it route them but not encrypt them?
- Does there come a time when the HT server will actually stop routing unless a certificate is renewed/installed? How long is this grace period?
Comments
-
Claymoore Member Posts: 1,637
GrayhenTor wrote: »
The HT server continues to route emails after this though (for at least two weeks, which is how long it took me to get around to renewing the cert).
So...
- Does it route them but not encrypt them?
- Does there come a time when the HT server will actually stop routing unless a certificate is renewed/installed? How long is this grace period?

They will route but not encrypt
A connector that requires TLS will fail with an invalid cert and there is no grace period.
Exchange 2007 uses opportunistic TLS, which means it will try to send messages using TLS first and then try without TLS. When the HT server tried to connect to a third-party SMTP server, that server should have rejected the TLS connection based on the expired cert. At that point, the HT server would try a regular SMTP connection and send the mail. The only time delivery would fail is if you require the SMTP servers to authenticate or otherwise require TLS and an invalid cert would prevent the connection.
-
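A check that surfaces an expiring SMTP certificate before event 12016 is logged and mail quietly falls back to unencrypted delivery, as an added example that is not part of the original thread. The function name `Get-CertExpiryStatus`, the 30-day default and the sample object are assumptions made for illustration; `Get-ExchangeCertificate` and `Get-EventLog` are the standard cmdlets.

```powershell
# Added example, not from the thread. Intended for the Exchange Management Shell.
# Get-CertExpiryStatus is a hypothetical helper: it accepts any piped object
# that has a NotAfter property and labels it by days remaining.
function Get-CertExpiryStatus {
    param([int]$WarnDays = 30)   # assumed threshold; pick one that suits your renewal lead time
    process {
        # Floor so a certificate that expired a few hours ago reports -1, not 0
        $days = [int][math]::Floor(($_.NotAfter - (Get-Date)).TotalDays)
        if     ($days -lt 0)         { $state = 'EXPIRED' }
        elseif ($days -le $WarnDays) { $state = 'RENEW SOON' }
        else                         { $state = 'OK' }
        $_ | Select-Object Thumbprint, Services, NotAfter,
            @{Name = 'DaysLeft'; Expression = { $days }},
            @{Name = 'State';    Expression = { $state }}
    }
}

# Constructed sample (not a real certificate): expired two weeks ago,
# like the situation described in the question.
$sample = New-Object PSObject
$sample | Add-Member NoteProperty Thumbprint 'CONSTRUCTED-SAMPLE'
$sample | Add-Member NoteProperty Services   'SMTP'
$sample | Add-Member NoteProperty NotAfter   (Get-Date).AddDays(-14)
$sample | Get-CertExpiryStatus

# On a Hub Transport server: check only the certificates enabled for SMTP,
# then look for the expiry warning (event 12016) in the Application log.
if (Get-Command Get-ExchangeCertificate -ErrorAction SilentlyContinue) {
    Get-ExchangeCertificate |
        Where-Object { $_.Services -match 'SMTP' } |
        Get-CertExpiryStatus -WarnDays 45

    Get-EventLog -LogName Application -Newest 2000 |
        Where-Object { $_.EventID -eq 12016 } |
        Select-Object TimeGenerated, Message
}
```

Because opportunistic TLS keeps mail flowing after expiry, a scheduled run of a check like this is what catches the silent loss of encryption that queue monitoring will not.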
GrayhenTor Member Posts: 43 ■■□□□□□□□□
Fantastic! Thanks, Claymoore, for the very clear explanation.
-
Jessye Fran Registered Users Posts: 1 ■□□□□□□□□□
Aviation is able to quickly transport people and limited amounts of cargo over longer distances, but incurs high costs and energy use; for short distances or in inaccessible places helicopters can be used. same day delivery
-
GrayhenTor Member Posts: 43 ■■□□□□□□□□
Jessye Fran wrote: »
Aviation is able to quickly transport people and limited amounts of cargo over longer distances, but incurs high costs and energy use; for short distances or in inaccessible places helicopters can be used. same day delivery

Erm...
Set-TransportServer -UseHelicopters $True
-
gateway Member Posts: 232
How random!
Blogging my AWS studies here! http://www.itstudynotes.uk/aws-csa