Can't use the same certificate on Hub Transport and Edge Transport

  • Question

  • Hi There,

    We migrated from an HT/CAS configuration and added an edge server.  I had it working fine, except then realized that some mail wasn't coming in because TLS wasn't enabled and the host in the certificate didn't match the external name.  Since I had exportable certs for my CAS/HT configuration that had the name of my external server in their name, I imported that cert into the edge server and replaced the self-signed cert.

    Now I get the following message:

    Edge Subscription
    Failed

    Error:
    The subscription file failed to load for the following reason: The direct trust certificate of the subscribed Edge Transport server with thumbprint ECCE1F70AC10################5D5A928B is a duplicate of the certificate of one of the HubTransport servers. Sharing the same certificate between Edge and Hub Transport servers is not allowed.

    Interestingly, I couldn't find any direct mention of this "feature" anywhere.  Doesn't mean it doesn't exist, but I'm surprised.

    Okay. Now what.  I had to remove my previous subscription in order to get this far.  I still have mail moving in and out as I still maintained a disabled "internet connector" from the previous HT/CAS configuration that is sending email out.  The Edge server still seems to be receiving and distributing mail, but I'm concerned because of this fellow's problem in the secure messaging forum.

    Can anyone provide me with some timely advice please before I go and spend more money on a cert only to completely destroy mail flow in and out?

    Thanks for any assistance.

    -Darryl

    Thursday, February 9, 2012 10:55 PM

Answers

  • Hi Darryl

    You cannot use the same cert for hub and edge servers because they use the certificate to identify each other during authentication.  Enable your self-signed certificate on the hub for SMTP and then redo the edge sync.

    Steve

    • Marked as answer by Dman2k1 Thursday, February 9, 2012 11:18 PM
    Thursday, February 9, 2012 11:11 PM
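    As an added illustration of the fix in this answer (example code, not from the thread or from Microsoft), the following Exchange Management Shell commands first list which certificate is enabled for SMTP on each side, so the thumbprint overlap that produces the "duplicate of the certificate of one of the HubTransport servers" error can be seen before the subscription is imported, then re-enable the Hub's self-signed certificate for SMTP and re-create the Edge Subscription. The server names HUB01 and EDGE01, the file path, the site name and the placeholder thumbprint are assumptions; Get-ExchangeCertificate, Enable-ExchangeCertificate, New-EdgeSubscription, Start-EdgeSynchronization and Test-EdgeSynchronization are the standard Exchange 2010 cmdlets (the -Server parameter is assumed to be available, i.e. Exchange 2010 rather than 2007).

```powershell
# Added example, not code from the thread. Assumed names: HUB01 (Hub Transport),
# EDGE01 (Edge Transport). An Edge server is not domain-joined, so the Edge-side
# commands are run locally in its own Exchange Management Shell.

# ----- Step 1 (on EDGE01): note the certificate enabled for SMTP -----
# EdgeSync uses this certificate for direct trust; it must not also be enabled
# for SMTP on any Hub Transport server.
$edgeSmtpCerts = Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'SMTP' }
$edgeSmtpCerts | Format-Table Thumbprint, Subject, IsSelfSigned, Services -AutoSize

# ----- Step 2 (on HUB01): compare against the Hub's SMTP certificates -----
# Paste the Edge thumbprint(s) from step 1 here (constructed placeholder below).
$edgeThumbprints = @('<EDGE-SMTP-THUMBPRINT-PLACEHOLDER>')

$hubSmtpCerts = Get-ExchangeCertificate -Server 'HUB01' |
    Where-Object { $_.Services -match 'SMTP' }
$hubSmtpCerts | Format-Table Thumbprint, Subject, IsSelfSigned, Services -AutoSize

$shared = $hubSmtpCerts | Where-Object { $edgeThumbprints -contains $_.Thumbprint }
if ($shared) {
    # This is exactly the condition the Edge Subscription import rejects.
    Write-Warning ("Certificate shared between Hub and Edge for SMTP: " +
                   ($shared.Thumbprint -join ', '))
}

# ----- Step 3 (on HUB01): enable the Hub's self-signed certificate for SMTP -----
# The imported third-party cert can stay assigned for IIS/POP/IMAP; only SMTP on
# the Hub needs a certificate that differs from the one the Edge uses.
$hubSelfSigned = Get-ExchangeCertificate -Server 'HUB01' |
    Where-Object { $_.IsSelfSigned -and $_.Subject -like '*HUB01*' } |   # assumed subject
    Select-Object -First 1
if (-not $hubSelfSigned) { throw 'No self-signed certificate found on HUB01; create one with New-ExchangeCertificate first.' }
Enable-ExchangeCertificate -Server 'HUB01' -Thumbprint $hubSelfSigned.Thumbprint -Services SMTP

# ----- Step 4 (on EDGE01): export a fresh subscription file -----
# The Edge's direct-trust certificate is embedded in this file.
New-EdgeSubscription -FileName 'C:\EdgeSubscription.xml'   # assumed path

# ----- Step 5 (on HUB01): import the file into the AD site and synchronise -----
# Copy C:\EdgeSubscription.xml from EDGE01 to HUB01 first. Site name is assumed.
New-EdgeSubscription `
    -FileData ([byte[]]$(Get-Content -Path 'C:\EdgeSubscription.xml' -Encoding Byte -ReadCount 0)) `
    -Site 'Default-First-Site-Name'
Start-EdgeSynchronization
Test-EdgeSynchronization   # confirm the subscription now loads and syncs cleanly
```

    Steps 1 and 2 are the check worth running before importing the subscription: if the same thumbprint shows up with SMTP enabled on both sides, the import will fail with the error quoted in the question, and step 3 is the remedy this answer describes.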

All replies

  • Hi Steve,

    Ding!

    Thank you very much for that prompt answer.  I was trying to remove the "SMTP" assignment for the other certificate but that didn't work (it still says smtp there), however re-assigning the self-signed cert to smtp worked!

    Darryl

    Thursday, February 9, 2012 11:18 PM
  • No worries :)

    Thursday, February 9, 2012 11:20 PM