Bind Exchange SMTP service to new SSL certificate

FXE 501 Reputation points
2021-10-22T15:56:21.887+00:00

Hi all,

I'm trying to bind the Exchange SMTP service to our new SSL certificate. But the binding stays on the old SSL certificate, whether I check it in ECP or use Enable-ExchangeCertificate -Thumbprint xxx -Services SMTP.

How can I bind this new SSL certificate to the SMTP service?

Thank you.


Accepted answer
  1. FXE 501 Reputation points
    2021-11-25T11:10:23.193+00:00

    Hi all,

    Nearly 20 days later, the MSFT Support team has finally found me a solution!
    This is about the way to add a certificate on Exchange Server.

    What I did: import the certificate using MMC on the Exchange Server, try to bind it to the SMTP service, which failed
    What I had to do: remove the certificate using MMC on the Exchange Server
    What I have to do now: import the certificate using EAC and bind it to the SMTP service, which works, and for next year remove the expired certificate using EAC and then import the new certificate using EAC, ...

    MSFT has no explanation for this behaviour... The solution must be taken as it is!

    Voilà!
    Have a good day!


7 additional answers

  1. Andy David - MVP 142.2K Reputation points MVP
    2021-10-22T15:57:45.36+00:00

    It wouldn't be removed from the other cert, but the new one should show it's assigned to SMTP. It's not doing that?
    What happens when you assign it? Any message?


  2. Andy David - MVP 142.2K Reputation points MVP
    2021-10-23T13:31:09.32+00:00

    Are you sure the new cert is valid?

    When you run the PowerShell command to enable for SMTP, you get no message at all? It just doesn't work?


  3. Joyce Shen - MSFT 16,646 Reputation points
    2021-10-25T02:28:21.187+00:00

    Hi @FXE

    Any update here? Could you please share the error you met after deploying the new certificate?

    According to your information above, the results return correctly when running this command:
    Get-ExchangeCertificate | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,Services

    In addition, please also check if you performed the below steps to replace the certificate binding to connectors?

    Get-ReceiveConnector -Identity "SERVER\Client Frontend SERVER" | select TlsCertificateName | FL  
    

    If it still returns the old one

    $cert = Get-ExchangeCertificate -Thumbprint 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'  
    $tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"  
    Set-ReceiveConnector "SERVER\Client Frontend SERVER" -TlsCertificateName $tlscertificatename  
    

    You could refer to this link to get more information: Configuring the TLS Certificate Name for Exchange Server Receive Connectors
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


    0 comments No comments
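
An added check, not part of any answer in this thread and not Microsoft's code: it compares the TlsCertificateName of every receive connector with the string built from the new certificate, so a connector still pinned to another certificate is visible even when Enable-ExchangeCertificate returns without a message. Run it in the Exchange Management Shell; the function name is hypothetical and the thumbprint in the usage line is a placeholder.

```powershell
# Added example. Test-SmtpCertificateBinding is a hypothetical helper name.
function Test-SmtpCertificateBinding {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint
    )

    $cert = Get-ExchangeCertificate -Thumbprint $Thumbprint -ErrorAction Stop

    # Same <I>issuer<S>subject format the answer above passes to Set-ReceiveConnector.
    $expected = "<I>$($cert.Issuer)<S>$($cert.Subject)"

    # Certificate-level view: SMTP must be listed, the private key must be
    # present and the certificate must not be expired.
    [pscustomobject]@{
        Scope  = 'Certificate'
        Name   = $cert.Thumbprint
        State  = "Services=$($cert.Services); HasPrivateKey=$($cert.HasPrivateKey); NotAfter=$($cert.NotAfter)"
        Ok     = [bool]($cert.HasPrivateKey -and
                        ($cert.NotAfter -gt (Get-Date)) -and
                        ("$($cert.Services)" -match 'SMTP'))
    }

    # Connector-level view: one row per receive connector returned.
    foreach ($rc in Get-ReceiveConnector) {
        $current = [string]$rc.TlsCertificateName
        if ([string]::IsNullOrEmpty($current)) {
            $state = 'No TlsCertificateName set on this connector'
            $ok    = $true
        } elseif ($current -eq $expected) {
            $state = 'Pinned to the issuer/subject of the new certificate'
            $ok    = $true
        } else {
            $state = "Pinned to another certificate: $current"
            $ok    = $false
        }
        [pscustomobject]@{
            Scope = 'ReceiveConnector'
            Name  = $rc.Identity
            State = $state
            Ok    = $ok
        }
    }
}

# Usage (placeholder thumbprint):
# Test-SmtpCertificateBinding -Thumbprint '<new-cert-thumbprint>' | Format-Table -AutoSize -Wrap
```

The TlsCertificateName string carries only issuer and subject, so a renewed certificate with the same issuer and subject as the old one produces an identical value; use the Certificate row to confirm the thumbprint and expiry.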

  4. FXE 501 Reputation points
    2021-10-25T06:14:59.113+00:00

    Hi all,

    It appears I missed my post yesterday...
    Here is what I failed to post: @Andy David - MVP cert is valid as it's used for other services without any issue, the PowerShell command Enable-ExchangeCertificate -Thumbprint xxx -Services SMTP runs flawlessly without any message.

    @Joyce Shen - MSFT: I will take a look at that today.

    Regards,