We have been using TLS with about 20 of our vendors for a couple years and just last week we came accross one vendor that we can no longer send encrypted email to. The error we saw in the Queue was "The remote SMTP service rejected the SSL handshake because the certificate has expired." I double checked our certificate, and it is still valid. So, we called that vendor, who in turn told us that their certificate indeed was out of date, but it had been replaced. They also indicated that TLS is working correctly with all of their other clients and that we should check to see if we had cached their certificate. I didn't think Exchange would cache the certificates, and neither can I find any information about where it would cache them if it did. Any suggestions? Where it would cache them? Other things to check?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
TLS problem
- Thread starter FloDiggs
- Start date
- Thread starter
- #3
Not quite that simple, unfortunately. I did find that TLS will cache a certificate for 10 hours so that it can simply resume a previous session with less overhead on the CPU, etc.; however, our problem had continued well past the 10 hour time limit. We ended up routing our mail through an appliance that is now handling the TLS, but it doesn't really fix the original problem.
- Status
Similar threads
- Locked
- Question