11-10-2021 09:07 AM
I opened a case about this, but hopefully someone here has run into this. We replaced the certificate used for SMTP archiving (as the old one was expiring), but EV is still returning the same old cert (even after a reboot).
Cert in EV:
Cert being returned by EV.
Solved! Go to Solution.
11-10-2021 02:32 PM
Figured this out and boy was it frustrating (will post here in case anyone else has the issue).
When we initially setup SMTP, we found that the RC4_HMAC_MD5 cipher had to be enabled (CIS guidelines suggest that it be disabled).
We noticed at some point that the cipher was disabled however mail was still flowing via SMTP journaling, so we assumed one of the EV updates had resolved the issue.
When we attempted to change the certificate, we had the issues in the first post. Turns out that we had to re-enable that cipher and then the server started to show the updated certificate and mail started flowing. We're going to wait a bit and then test what happens if we disable the cipher. It almost seems like the cipher has to be there for the certificate to initially bind but then is not needed.
11-10-2021 02:32 PM
Figured this out and boy was it frustrating (will post here in case anyone else has the issue).
When we initially setup SMTP, we found that the RC4_HMAC_MD5 cipher had to be enabled (CIS guidelines suggest that it be disabled).
We noticed at some point that the cipher was disabled however mail was still flowing via SMTP journaling, so we assumed one of the EV updates had resolved the issue.
When we attempted to change the certificate, we had the issues in the first post. Turns out that we had to re-enable that cipher and then the server started to show the updated certificate and mail started flowing. We're going to wait a bit and then test what happens if we disable the cipher. It almost seems like the cipher has to be there for the certificate to initially bind but then is not needed.
11-11-2021 12:05 AM
That is interesting. Thanks for describing how you fixed it.