This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 74%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
I'd like to confirm the certificate details assigned to a receive connector in exchange 2016 server, like certificate Thumbprint and FriendlyName. How could I collect this info. Get-ReceiveConnector cmd is not very helpful in this case.
A robust email, calendaring, and collaboration platform developed by Microsoft, designed for enterprise-level communication and data management.Miscellaneous topics that do not fit into specific categories.
The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
HI, you may try Get-ChildItem -Path cert:\LocalMachine\My | Where-Object {$_.Thumbprint -eq (Get-ReceiveConnector -Identity <ReceiveConnectorName>).TlsCertificateThumbprint} to see if it works.
Answer accepted by question author
If you want to see which specific certificate is being used, then enable SMTP protocol logging on the receive connector. Then check the text protocol logs that are generated and look for that receive connector by name. It will show you in the SMTP conversation which cert and thumbprint is being used https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/configure-protocol-logging?view=exchserver-2019#use-the-eac-to-configure-protocol-logging
I wish if could get it through cmd too .
The receive connectors do not care or know about the thumbprint of the certificate. Its looking for a certificate assigned to the SMTP service and with a subject name that matches the FQDN set on the connector.
If you want to lock the connector down to a specific cert, use the TLSCertificateName set on the connector that matches the subject and issuer of an installed certificate.
If you have multiple certs with the same subject and issuer name, then Exchange will prefer a valid 3rd party cert with the later expiration date:
https://practical365.com/configuring-the-tls-certificate-name-for-exchange-server-receive-connectors/
https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/receive-connectors?view=exchserver-2019#receive-connector-changes-in-exchange-server
My issue is, I have couple of certs installed on my exchange server and one of them is assigned to a receive connector. I need to figure out which one it is. Get-receiveconnector or get-exchnagecertificate is not helpful.
I have multiple certs on exchange 2016 and I need to confirm the one that is mapped to receive connector. Get-receiveconnector and get-exchangecertificate is not helping.
How about using the Get-ReceiveConnector | Select-Object Identity, TlsCertificateName command?
No luck. It doesn't give you the thumbprint.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 98%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
You're correct; the Get-ReceiveConnector cmdlet doesn't directly display certificate details. You can try the below option to check the certificate assigned to a receive connector in Exchange 2016:
Option 1
Combine the Get-ReceiveConnector and Get-ExchangeCertificate cmdlets.
Use Get-ReceiveConnector to identify the TlsCertificateName property of the desired connector.
Run Get-ExchangeCertificate -Thumbprint [Thumbprint from Get-ReceiveConnector] to retrieve details of the specific certificate.
Option 2
Use Set-ReceiveConnector -Identity [ConnectorName] -Fields * to display all connector properties, including the TlsCertificateName.
Ex
tract the thumbprint from the output and use Get-ExchangeCertificate -Thumbprint [Thumbprint] for detailed information.
Thumbprint is not populating from get-receiveconnector cmd. You get following and outputs after running get-receiveconnector -id "server neme\connector name"| fl *
and TlsCertificateName shows following info with serial # which is common with other certs too and I need to find out how to process this info to get certificate details.
Again name and identity is displaying connector and server name.