Channel: Exchange Server 2013 - Mail Flow and Secure Messaging forum

Cross forest mail routing (Basic authentication over TLS)

Hi, 

I am in the process of implementing Cross-Forest routing between two Exchange Organizations (Exchange 2010 and Exchange 2013). 

When I configure the send connector on either side to authenticate only after establishing TLS, I am getting errors in the SMTP logs stating "cannot validate certificate". I am assuming that this is because it is making the connection on my Default Receive Connector and it cannot validate the certificate because Exchange is configured to use a self-signed certificate for TLS (SMTP) by default.

My questions are: 

  • Is there any way to get Exchange to bypass the validation and establish TLS without verifying the cert? (I believe with opportunistic TLS this occurs and the self-signed certificate is used to encrypt the channel).
  • A) If I cannot use the self-signed certificate for Basic Authentication over TLS, can I create another receive connector that will allow basic authentication over TLS? If so, I assume I will assign an FQDN to the connector and match the subject name on the TLS cert to the FQDN property?
  • B) If I opt to go with a new receive connector and a CA-signed certificate for TLS, how do I assign that particular certificate to the new receive connector? As far as I can tell, Exchange 2010 does not have a property that can be set on the receive connector to use a specific TLS certificate. On newer versions of Exchange there is a -TlsCertificateName parameter on the Set-ReceiveConnector cmdlet; however, this is not available on Exchange 2010.

Thanks in advance. 

Mike.

