Saturday, February 4, 2023

Updating Connectors with New SSL Certificate

When you update the SSL certificate on your Exchange Servers, you also need to update any Send and Receive Connectors that are bound to it. If you skip this, you won’t be able to delete the old certificate, because it is still bound to the connector. More importantly, and certainly in a Hybrid scenario, you can break mail flow if the sending server requires validation of the TLS connection.

The good news is that it is an easy task to do. Follow these PowerShell steps to do this.

Get the Thumbprint of the certificate you need to apply to the connector.

get-exchangecertificate | ft

Then use that thumbprint in the following commands:

$cert = get-exchangecertificate -thumbprint XX
$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"

This sets $tlscertificatename to the issuer and subject string that the connectors expect.

Then use the following PowerShell to apply the certificate to both the Send and Receive Connectors. Obviously you will need to edit those commands with the actual connector names.


Set-SendConnector "Outbound to Office 365" -TlsCertificateName $tlscertificatename

Set-ReceiveConnector "EXCHANGESERVER\Default Frontend EXCHANGESERVER" -TlsCertificateName $tlscertificatename

Once this is done, you can delete any old certificates that you may have. Note that there is no need to restart any services, as the changes take effect immediately.

** QUICK ADDITIONAL NOTE **

When renewing certificates it is quite common for the name of the certificate to stay the same. That means that when you update the certificate on the send connector it will say that no updates have been made. But you still can’t delete the old certificate because it thinks it is applied to the Send Connector.

To fix this, just set the certificate that is assigned to the Send Connector to NULL. Use this command.

Set-SendConnector "Outbound to Office 365" -TlsCertificateName $NULL

Then you can remove the old certificate, after which you can apply the correct certificate to the Send Connector.
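The whole procedure above, including the same-name renewal case, as one script. This is an added example, not code from the original post: both thumbprint values are placeholders, and it assumes you run it in the Exchange Management Shell on the server that holds both certificates.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Assumption: both thumbprints are placeholders; copy yours from Get-ExchangeCertificate.
$oldThumbprint = '<OLD-CERT-THUMBPRINT>'
$newThumbprint = '<NEW-CERT-THUMBPRINT>'

$old = Get-ExchangeCertificate -Thumbprint $oldThumbprint
$new = Get-ExchangeCertificate -Thumbprint $newThumbprint

# Stop before touching mail flow if the new certificate cannot serve SMTP TLS.
if ($new.NotAfter -lt (Get-Date)) { throw "New certificate expired on $($new.NotAfter)." }
if ("$($new.Services)" -notmatch 'SMTP') { throw 'New certificate is not enabled for SMTP.' }

$oldName = "<i>$($old.Issuer)<s>$($old.Subject)"
$newName = "<i>$($new.Issuer)<s>$($new.Subject)"

# Find every connector still bound to the old certificate's issuer/subject pair.
$send    = @(Get-SendConnector    | Where-Object { "$($_.TlsCertificateName)" -eq $oldName })
$receive = @(Get-ReceiveConnector | Where-Object { "$($_.TlsCertificateName)" -eq $oldName })

if ($oldName -eq $newName) {
    # Renewal kept the same name: clear the Send Connector binding, then
    # remove the old certificate before re-applying (you are prompted to confirm).
    $send | ForEach-Object { Set-SendConnector -Identity $_.Identity -TlsCertificateName $null }
    Remove-ExchangeCertificate -Thumbprint $oldThumbprint
}

$send    | ForEach-Object { Set-SendConnector    -Identity $_.Identity -TlsCertificateName $newName }
$receive | ForEach-Object { Set-ReceiveConnector -Identity $_.Identity -TlsCertificateName $newName }

# Verify: list every connector with its current TLS certificate name.
Get-SendConnector    | Format-List Identity, TlsCertificateName
Get-ReceiveConnector | Format-List Identity, TlsCertificateName
```

When the new certificate has a different issuer or subject, the script leaves the old certificate in place; delete it afterwards once the verification output shows no connector still referencing it.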

Mark Rochester
https://thecloudgeezer.com
Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)
