Thursday, December 5, 2024

Updating Connectors with New SSL Certificate

When you update your SSL certificate on your Exchange Servers it is also a necessary action to update both the Send and Received Connectors that have bindings. If this is not performed, then firstly you won’t be able to delete the old certificate as it is bound to the connector but more importantly, and certainly in a Hybrid scenario, you can break mail flow if the server that is sending requires validation of a TLS connection.

The good news is that it is an easy task to do. Follow these PowerShell steps to do this.

Get the Thumbprint of the certificate you need to apply to the connector.

get-exchangecertificate | ft

Then you can use that in the following command

$cert = get-exchangecertificate -thumbprint XX
$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"

This will setup the $tlscertificatename with the details needed to apply to the connectors.

Then use the following PowerShell to apply the certificate to both the Send and Receive Connectors. Obviously you will need to edit those commands with the actual connector names.


Set-SendConnector "Outbound to Office 365" -TlsCertificateName $tlscertificatename

Set-ReceiveConnector "EXCHANGESERVER\Default Frontend EXCHANGESERVER" -TlsCertificateName $tlscertificatename

Once this is done you are able to delete any old certificates that you may have. Note that there is no need to restart any services as they will take effect immediately.

** QUICK ADDITIONAL NOTE **

When renewing certificates it is quite common for the name of the certificate to stay the same. That means that when you update the certificate on the send connector it will say that no updates have been made. But you still can’t delete the old certificate because it thinks it is applied to the Send Connector.

To fix this, just set the certificate that is assigned to the Send Connector to NULL. Use this command.

Set-SendConnector "Outbound to Office 365" -TlsCertificateName $NULL

Then you can remove the old certificate. After which you can just apply the correct certificate to the Send Connector.

Mark Rochester
Mark Rochesterhttps://thecloudgeezer.com
Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)

Related Articles

Microsoft 365 Discovery Report

Overview The Microsoft 365 Discovery Report is a collection of outputs from the various workloads inside a Microsoft 365 tenant, all consolidated into a single...

Migrate Microsoft 365 Mailboxes to Google Workspace

This is not a very common subject to talk about as most of the migrations that get performed are people moving into the Microsoft...

Batches Paused in ‘Needs Approval’ Status

When you are using the native Microsoft tools to migrate from Google Workspace (Gmail) into Microsoft 365 the tool works very well. It does...

Stay Connected

88FansLike
36,999FollowersFollow
32,381SubscribersSubscribe
- Advertisement -

Latest Articles