none
Using TLS certificate with Windows 2008 SMTP virtual server

    Question

  • Helo

    I am trying to configure the SMTP engine in Windows Server 2008 to use a TLS certificate.

    When I right click the SMTP Virtual server --> Properties --> Access Tab. In the secure communications section it says "TLS is not available without a certificate". There is no certificate button to add one.

    I did some Googling and read that if you use the MMC certificate snapin to manually add a certificate to the Local Machine\Personal store that it will be detected by IIS and this certificate will show up in the SMTP virtaul server properties. Unfortunately this doesn't seem to have happened. I added the certificate via the MMC and then did, IISReset.

    No certificate.

    I then tried rebooting the server, still no certificate.

    Anyone have any ideas how to add this certificate to allow outbound TLS SMTP communciation in Windows server 2008?

    Thank you.

    Thursday, September 29, 2011 10:21 AM

Answers

  • Hi,

     

    From the problem description, I understand that you would like to use TLS certificate with Windows 2008 SMTP virtual server. As we know, The SMTP server is not installed by default. SMTP can be added through the Features Summary area of the Server Manager tool in Windows Server 2008.

     

    Towards the SMTP virtual server administration, there are some links for your reference:

     

    Title: Configure SMTP E-mail (IIS 7)

    URL: http://technet.microsoft.com/en-us/library/cc772058(WS.10).aspx

     

    Title: How do I administer SMTP on Server 2008?

    URL: http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/a14a14c0-2406-4cfc-bb6d-0f6284401513/

     

    At the same time, could you please provide some snapshots when you tried to configure the TLS certificate? I think it’s a checkpoint here.

     

    Regards,

    James
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, September 30, 2011 7:51 AM

All replies

  • Hi,

     

    From the problem description, I understand that you would like to use TLS certificate with Windows 2008 SMTP virtual server. As we know, The SMTP server is not installed by default. SMTP can be added through the Features Summary area of the Server Manager tool in Windows Server 2008.

     

    Towards the SMTP virtual server administration, there are some links for your reference:

     

    Title: Configure SMTP E-mail (IIS 7)

    URL: http://technet.microsoft.com/en-us/library/cc772058(WS.10).aspx

     

    Title: How do I administer SMTP on Server 2008?

    URL: http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/a14a14c0-2406-4cfc-bb6d-0f6284401513/

     

    At the same time, could you please provide some snapshots when you tried to configure the TLS certificate? I think it’s a checkpoint here.

     

    Regards,

    James
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, September 30, 2011 7:51 AM
  • I would have ask in security forum.

     

    Thanks

    Friday, September 30, 2011 9:12 AM
  • Any Update?

    James


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, October 04, 2011 1:29 AM
  • Looking in the Security forum; they send questions about configuring SMTP and TLS in IIS over to this forum.
    Tuesday, July 24, 2012 11:15 AM
  • First, make sure you have only the certificate to be used by the SMTP server in the Local_Machine\Personal certificates repository.  (if you have multiple certificates, you can add them later).

    Second, make sure that the Fully-quilified domain name configured under the SMTP Virtial Server properties matches the certificates subject name.

    Third, configure the SMTP Virtial Server FQDN goto: SMTP Virtual Server Properties > Delivery TAB > Advanced BUTTON > and type the FQDN in the "Fully-quilified domain name" textbox > and restart the SMTP service.

    and Forth, confirm that the certificate was found by the SMTP service: Open the SMTP Vitual Server properties > Access TAB > and the Secure communications SECTION should read "A TLS cerificate is found with expiration date: day/month/year". Compare the shown date with the actual certificate expiration date.

    Done.

    Hope that helps.  It worked for me.

    Tuesday, November 27, 2012 10:27 PM