Forum Discussion

Stormonts's avatar
Stormonts
Level 5
3 years ago

Updated certificate used for SMTP archiving, but EV still shows old cert (even after reboot)

I opened a case about this, but hopefully someone here has run into this.  We replaced the certificate used for SMTP archiving (as the old one was expiring), but EV is still returning the same old cert (even after a reboot).

Cert in EV:

Cert being returned by EV.

 

  • Figured this out and boy was it frustrating (will post here in case anyone else has the issue).

    When we initially setup SMTP, we found that the RC4_HMAC_MD5 cipher had to be enabled (CIS guidelines suggest that it be disabled).

    We noticed at some point that the cipher was disabled however mail was still flowing via SMTP journaling, so we assumed one of the EV updates had resolved the issue.

    When we attempted to change the certificate, we had the issues in the first post.  Turns out that we had to re-enable that cipher and then the server started to show the updated certificate and mail started flowing.  We're going to wait a bit and then test what happens if we disable the cipher.  It almost seems like the cipher has to be there for the certificate to initially bind but then is not needed.

  • Figured this out and boy was it frustrating (will post here in case anyone else has the issue).

    When we initially setup SMTP, we found that the RC4_HMAC_MD5 cipher had to be enabled (CIS guidelines suggest that it be disabled).

    We noticed at some point that the cipher was disabled however mail was still flowing via SMTP journaling, so we assumed one of the EV updates had resolved the issue.

    When we attempted to change the certificate, we had the issues in the first post.  Turns out that we had to re-enable that cipher and then the server started to show the updated certificate and mail started flowing.  We're going to wait a bit and then test what happens if we disable the cipher.  It almost seems like the cipher has to be there for the certificate to initially bind but then is not needed.

    • GertjanA's avatar
      GertjanA
      Moderator

      That is interesting. Thanks for describing how you fixed it.