Updated certificate used for SMTP archiving, but EV still shows old cert (even after reboot)

Stormonts
Level 5

I opened a case about this, but hopefully someone here has run into this. We replaced the certificate used for SMTP archiving (as the old one was expiring), but EV is still returning the same old cert (even after a reboot).

Cert in EV:

Stormonts_0-1636563952552.png

Cert being returned by EV.

Stormonts_1-1636564031575.png

 

Accepted Solutions

Stormonts
Level 5

Figured this out and boy was it frustrating (will post here in case anyone else has the issue).

When we initially set up SMTP, we found that the RC4_HMAC_MD5 cipher had to be enabled (CIS guidelines suggest that it be disabled).

We noticed at some point that the cipher was disabled; however, mail was still flowing via SMTP journaling, so we assumed one of the EV updates had resolved the issue.

When we attempted to change the certificate, we had the issues in the first post. Turns out that we had to re-enable that cipher and then the server started to show the updated certificate and mail started flowing. We're going to wait a bit and then test what happens if we disable the cipher. It almost seems like the cipher has to be there for the certificate to initially bind but then is not needed.

GertjanA
Moderator

That is interesting. Thanks for describing how you fixed it.

Regards. Gertjan
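
An added example, not part of the original thread: one way to confirm from a client which certificate the SMTP listener actually serves after a replacement, and which cipher was negotiated, by comparing the served certificate's SHA-1 thumbprint with the thumbprint of the new certificate. The host name, port 25 and the thumbprint passed on the command line are assumptions to be replaced with your own values.

```python
import hashlib
import smtplib
import ssl


def normalize_thumbprint(text):
    """Reduce a thumbprint as copied from the Windows certificate dialog
    (spaces, colons, mixed case, invisible leading character) to bare hex."""
    return "".join(ch for ch in text.lower() if ch in "0123456789abcdef")


def thumbprint(der_cert):
    """SHA-1 over the DER encoding, the value Windows displays as Thumbprint."""
    return hashlib.sha1(der_cert).hexdigest()


def served_matches(der_cert, expected_thumbprint):
    """True when the served certificate is the one we expect to be bound."""
    return thumbprint(der_cert) == normalize_thumbprint(expected_thumbprint)


def fetch_smtp_cert(host, port=25, timeout=10):
    """Return (DER certificate, negotiated cipher tuple) after STARTTLS.
    host and port are assumptions supplied by the caller."""
    ctx = ssl.create_default_context()
    # The certificate is judged by thumbprint below, so chain and hostname
    # validation are switched off here; that way an expired or internal-CA
    # certificate is still retrieved instead of aborting the handshake.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True), smtp.sock.cipher()


if __name__ == "__main__":
    import sys
    # Usage: script.py <smtp-host> "<thumbprint of the NEW certificate>"
    host, expected = sys.argv[1], sys.argv[2]
    der, cipher = fetch_smtp_cert(host)
    print("negotiated cipher:", cipher[0], cipher[1])
    print("served thumbprint:", thumbprint(der))
    print("matches new certificate:", served_matches(der, expected))
```

Running it before and after a cipher or binding change shows whether the listener has picked up the new certificate without relying on mail flow as the signal.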