How to configure IIS SMTP for outgoing TLS authentication

Applies to: Exchange Online

Introduction


The way in which Microsoft mandates connector configuration for Exchange Online may require that certificates be applied to those connector settings. For more information, see KB 3169958 Important notice for Office 365 email customers who have configured connectors.

Because of this requirement, customers who use IIS SMTP Virtual Server to send data such as relay content, reports, and fax messages may have problems finding a channel through which to select the necessary certificate.

More Information


To make sure that you select the correct certificate, follow these steps:

  1. Confirm that only the certificate to be used by the SMTP server is in the Local_Machine\Personal certificates repository. Additional certificates can be added later.
  2. Confirm that the fully qualified domain name (FQDN) that’s configured under the SMTP Virtual Server properties matches the certificate's subject name.
  3. Configure the FQDN of the SMTP Virtual Server. Confirm that the certificate is found by the SMTP service. To do this, follow these steps: 
    1. Locate SMTP Virtual Server Properties.
    2. On the Delivery tab, click Advanced, and then type the FQDN in the Fully-qualified domain name box.
    3. Restart the SMTP service.
  4. Confirm that the certificate is found by the SMTP service. To do this, follow these steps: 
    1. Locate SMTP Virtual Server Properties.
    2. On the Access tab, the Secure communications section should display the following:

      A TLS certificate is found with expiration date: day/month/year.
    3. Compare the shown date with the actual certificate expiration date.

 



Still need help? Go to Microsoft Community.