I have been trying to set up TLS on Exchange 2010 using a public certificate, but when I perform a TLS check I get an error because of the Exchange self-signed certificate.
Please find the result of the test below:
Checking hmtadmin@deloitte-mu.com
looking up MX hosts on domain "deloitte-mu.com"
- *******.deloitte-mu.com (preference:20)
Trying TLS on **********.deloitte-mu.com[196.192.8.61] (20):
seconds | test stage and result | |
---|---|---|
[000.870] | Connected to server | |
[001.157] | <-- | 220 <local hostname>.deloitte-mu.local Microsoft ESMTP MAIL Service ready at Thu, 6 Jun 2013 14:35:41 +0400 |
[001.157] | We are allowed to connect | |
[001.158] | --> | EHLO checktls.com |
[001.454] | <-- | 250-<local hostname>.deloitte-mu.local Hello [69.61.187.232] 250-SIZE 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-X-ANONYMOUSTLS 250-AUTH NTLM 250-X-EXPS GSSAPI NTLM 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250-XEXCH50 250-XRDST 250 XSHADOW |
[001.454] | We can use this server | |
[001.455] | TLS is an option on this server | |
[001.455] | --> | STARTTLS |
[001.748] | <-- | 220 2.0.0 SMTP server ready |
[001.749] | STARTTLS command works on this server | |
[002.366] | Cipher in use: AES128-SHA | |
[002.366] | Connection converted to SSL | |
[002.427] | Certificate 1 of 2 in chain: subject= /CN=<local hostname> issuer= /CN=<local hostname> | |
[002.460] | Certificate 2 of 2 in chain: subject= /CN=<local hostname> issuer= /CN=<local hostname> | |
[002.722] | Cert NOT VALIDATED: unable to get local issuer certificate | |
[002.722] | this may help: What Is An Intermediate Certificate | |
[002.724] | So email is encrypted but the domain is not verified | |
[002.728] | Cert Hostname DOES NOT VERIFY (*********.deloitte-mu.com !=<local hostname>) | |
[002.729] | So email is encrypted but the host is not verified | |
[002.729] | ~~> | EHLO checktls.com |
[003.028] | <~~ | 250-<local hostname>.deloitte-mu.local Hello [69.61.187.232] 250-SIZE 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-AUTH NTLM LOGIN 250-X-EXPS GSSAPI NTLM 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250-XEXCH50 250-XRDST 250 XSHADOW |
[003.033] | TLS successfully started on this server | |
[003.033] | ~~> | MAIL FROM: <test@checktls.com> |
[003.327] | <~~ | 250 2.1.0 Sender OK |
[003.337] | Sender is OK | |
[003.337] | ~~> | RCPT TO: <hmtadmin@deloitte-mu.com> |
[003.633] | <~~ | 250 2.1.5 Recipient OK |
[003.634] | Recipient OK, E-mail address proofed | |
[003.634] | ~~> | QUIT |
[003.932] | <~~ | 221 2.0.0 Service closing transmission channel |

Can anyone help me with the issue above? Thanks.