Exchange 2019: Set TLS Certificate name on your receive connector.

In Exchange 2019, as in Exchange 2016, you have the standard receive connectors that come with Exchange once it is installed. To recap, here is the list:

  • Default <ServerName>
  • Client Proxy <ServerName>
  • Default Frontend <ServerName>
  • Outbound Proxy Frontend <ServerName>
  • Client Frontend <ServerName>

As advised by Microsoft and other MVPs, you shouldn't remove or modify the defaults, but rather create specific ones for applications or partners. In this example, we will be setting the TLS Certificate Name on our Client Frontend Receive Connector.

First, to get the thumbprint of the certificate you want to use, run the following command from the Exchange Management Shell:

Get-ExchangeCertificate

If you have more than one server, you can run the following command against a specific server:

Get-ExchangeCertificate -server <ServerName>

This will give you a list of all certificates installed on the server. Below is an example from my lab:

https://everything-powershell.com/wp-content/uploads/2022/02/image.png

In the above example, we will be working with the last certificate (CN=mail.thexchangelab.com). First, to check whether a value is already set on your receive connector, run the following command:

Get-ReceiveConnector "EX2019\Client Frontend EX2019" | fl

As you can see below, the value is blank:

https://everything-powershell.com/wp-content/uploads/2022/02/image-1.png

To set the TLSCertificateName value, we need to run three commands as shown below:

# Load the certificate by its thumbprint
$cert = Get-ExchangeCertificate -Thumbprint 6A3887CC24124A7628ADC2C68CCE6D42C178753E
# TlsCertificateName must have the form <I>issuer<S>subject
$tlscertificatename = "<I>$($cert.Issuer)<S>$($cert.Subject)"
# Apply the value to the receive connector
Set-ReceiveConnector "EX2019\Client Frontend ex2019" -TlsCertificateName $tlscertificatename

Once the three commands have run, you should not see any output on the console unless there are errors. Here is what the commands look like in action:

https://everything-powershell.com/wp-content/uploads/2022/02/image-2.png

If you run the previous command again to look at the value, it will be populated as shown below:

https://everything-powershell.com/wp-content/uploads/2022/02/image-3.png

Exchange 2019 normally refreshes its configuration on its own, and I usually leave it to do so. If you are in a rush, you can restart the transport services; you should then see event ID 16022 in the event logs, indicating that the configuration has been refreshed/updated.
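
To check the result on every connector at once, the added example below (not part of the original post) compares each connector's TlsCertificateName with the installed certificates and flags values that are blank, match no certificate, or point to a certificate that is not enabled for SMTP or is near expiry. The function name `Test-ConnectorTlsCertificate`, the 30-day warning window, and the sample issuer and dates are assumptions made for illustration.

```powershell
# Added example: checks that each connector's TlsCertificateName resolves to a usable certificate.
function Test-ConnectorTlsCertificate {
    param(
        [Parameter(Mandatory)] [object[]] $Connector,    # output of Get-ReceiveConnector
        [Parameter(Mandatory)] [object[]] $Certificate,  # output of Get-ExchangeCertificate
        [int] $WarnDays = 30                             # assumed warning window
    )
    foreach ($rc in $Connector) {
        $name = [string]$rc.TlsCertificateName
        # Rebuild the <I>issuer<S>subject string for every certificate and compare.
        $match = @($Certificate | Where-Object { "<I>$($_.Issuer)<S>$($_.Subject)" -eq $name })
        # If several certificates share issuer and subject, report the one expiring last.
        $best = $match | Sort-Object NotAfter -Descending | Select-Object -First 1
        $finding = if (-not $name) { 'TlsCertificateName not set' }
            elseif (-not $best) { 'No installed certificate matches' }
            elseif ("$($best.Services)" -notmatch 'SMTP') { 'Certificate not enabled for SMTP' }
            elseif ($best.NotAfter -lt (Get-Date)) { 'Certificate expired' }
            elseif ($best.NotAfter -lt (Get-Date).AddDays($WarnDays)) { "Expires within $WarnDays days" }
            else { 'OK' }
        [pscustomobject]@{
            Connector  = $rc.Identity
            Thumbprint = $best.Thumbprint
            NotAfter   = $best.NotAfter
            Finding    = $finding
        }
    }
}

# Constructed sample objects standing in for cmdlet output (issuer and dates are made up).
$certs = @([pscustomobject]@{
    Thumbprint = '6A3887CC24124A7628ADC2C68CCE6D42C178753E'
    Issuer     = 'CN=Example Issuing CA'
    Subject    = 'CN=mail.thexchangelab.com'
    Services   = 'IIS, SMTP'
    NotAfter   = (Get-Date).AddDays(200)
})
$connectors = @(
    [pscustomobject]@{ Identity = 'EX2019\Client Frontend EX2019'
                       TlsCertificateName = '<I>CN=Example Issuing CA<S>CN=mail.thexchangelab.com' }
    [pscustomobject]@{ Identity = 'EX2019\Default Frontend EX2019'; TlsCertificateName = $null }
)
Test-ConnectorTlsCertificate -Connector $connectors -Certificate $certs | Format-Table -AutoSize

# On a real server, pass live objects instead of the samples:
#   -Connector (Get-ReceiveConnector -Server EX2019) -Certificate (Get-ExchangeCertificate -Server EX2019)
```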