Managing Exchange 2007 certificate
ensgr
Registered Users Posts: 1 ■□□□□□□□□□
Hallo there! My first post in here! 
I am a junior Systems Admin with one year of experience, (I was thinking about starting from MCITP Win Server 2008 sys admin, what do you think?)
I am the only IT guy in a small company in Greece wich runs Win Server 2003 Domain and Exchange 2007.
For the previous weeks I was experiencing problems sending to yahoo, after a long search I found out that I had to change the Send connector's name to fix the problem but it was not the only one I had to do..
I realized that in the event viewer I continiously take this error unfortunatelly I do not have an account to eventID in order to view the solution. Through google I tried to study some articles from microsoft but it wasn't easy to solve the problem through the exchange's command sell.
I got confused!
I have also found this in order to troubleshoot the problem.. I think that I have to create a certificate that corresponds to the Sent connector but with the right domain name: mail.company.gr but how I will do it? What is the command I should type exactly and after that how I will enable the new certificate?
Can someone help me in order to edit the certificates FQDN name or how to create a new certificate with the right name of my exchange server in the Send connector?
Thanks in advance, sorry if this is not the right place to post my problem..
Lefteris
I am a junior Systems Admin with one year of experience, (I was thinking about starting from MCITP Win Server 2008 sys admin, what do you think?)
I am the only IT guy in a small company in Greece wich runs Win Server 2003 Domain and Exchange 2007.
For the previous weeks I was experiencing problems sending to yahoo, after a long search I found out that I had to change the Send connector's name to fix the problem but it was not the only one I had to do..
I realized that in the event viewer I continiously take this error unfortunatelly I do not have an account to eventID in order to view the solution. Through google I tried to study some articles from microsoft but it wasn't easy to solve the problem through the exchange's command sell.
I got confused!
I have also found this in order to troubleshoot the problem.. I think that I have to create a certificate that corresponds to the Sent connector but with the right domain name: mail.company.gr but how I will do it? What is the command I should type exactly and after that how I will enable the new certificate?
Can someone help me in order to edit the certificates FQDN name or how to create a new certificate with the right name of my exchange server in the Send connector?
Thanks in advance, sorry if this is not the right place to post my problem..
Lefteris
Comments
-
jamesp1983
Member Posts: 2,475 ■■■■□□□□□□
make sure the new certificate's cn matches the url people use to access the various exchange services. you'll want to make sure all of the url's match the cn. you need a new certificate. These should help:
You Had Me At EHLO... : Exchange 2007 lessons learned - generating a certificate with a 3rd party CA
https://www.digicert.com/easy-csr/exchange2007.htm
Creating a Certificate or Certificate Request for TLS: Exchange 2007 Help"Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks." -
pityr
Registered Users Posts: 5 ■□□□□□□□□□
The certificate probably isn't your problem. The error you are most likely seeing is just a result of the server trying to use TLS but its being rejected by the recipient's system since its a self signed cert. Thats OK because it will just try again without TLS. This error will not affect regular mail flow.
I would first look to see if the host name that your server is using on its send connector is the same one you get when you do a look up on your internet IP. see:
You are unable to send or receive SMTP messages from certain Internet domains in Exchange 2000 Server, in Exchange Server 2003, and in Small Business Server 2003
Yahoo and other mail services often will not talk to you if you don't have the right DNS entries setup.