question

RamarajuChennu-4196 avatar image
0 Votes"
RamarajuChennu-4196 asked JeffYang-MSFT commented

MS Exchange 2016 Edge server and certificates

Hi All,

I have Exchange 2016 environment with Edge and Mailbox servers, Now Mailbox server have Third-Party certificate(GoDaddy) and Edge server running with self-CA certificate, recently we have some random scans over our email domain on https://ssl-tools.net/mailservers/ and https://www.checktls.com/TestReceiver and we failed on certificate category as below.

115884-image.png



Detail error as below

Certificate #1 of 1 (sent by MX):
Cert is unsigned
Cert VALIDATION ERROR(S): unable to get local issuer certificate
This may help: What Is An Intermediate Certificate
So email is encrypted but the recipient domain is not verified

I suspected this due to self-CA certificate on Edge server, I hope Same Godaddy certificate were can't install on Mailbox and Edge server.
To over come this error Edge server also require a different Third-Party certificate? Please suggest me on this.

office-exchange-server-administration
image.png (31.9 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JeffYang-MSFT avatar image
0 Votes"
JeffYang-MSFT answered JeffYang-MSFT commented

Hi @RamarajuChennu-4196,

Welcome to Microsoft Q&A!

About the Cert Error you found via third-party tools, may I know have you ever encountered any issues or error prompts which might point to this CA Cert during your daily use? If yes, in order to further research about your issue, please try to provide us with more information related to your issue.

I did much search about your test result and found a similar thread, in which it says the CN of the certificate should match your IP Interface hostname, which should also match your MX record. So, it would be suggested for you to check if your certificate has been properly configured. For more information, please check: TLS Cert NOT VALIDATED: unable to get local issuer certificate. (Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)

Any updates about this issue, please feel free to post back.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @RamarajuChennu-4196,
Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.

0 Votes 0 ·