Hi everyone, I'm having a strange cert issue that is all of the sudden occurring. I have a SAN cert with my IMAP.xxxx.com, mail.xxxx.com, Autodiscover.xxxx.com, Exchange.xxxx.com, etc and that is assigned to all my Exchange services (SMTP, IMAP, IIS, POP). There is also a second self-signed cert on both CAS servers (servername.internalxxxx.com) that was already on the box and is assigned to SMTP by default (the check box is selected and grayed out in EMC). Now for whatever reason, my IMAP users are getting issued this self-signed cert for their Outgoing SMTP server connections. The clients then throw an error because its self signed. How do I force Exchange to give out the proper SAN cert for this function? The SAN cert works properly in all other cases - just not in regard to these IMAP SMTP users. Thanks!

I would remove the self cert and assign those services to the new cert. You can only have one cert assigned to services althouvh it may show both. Sukh Thanks Sukh. I didn't want to just delete the cert, because I didn't know if it was used in any other internal capacity in the environment.

When I removed the self signed certs from both CAS servers, users started getting "Your server does not support the connection encryption type selected" when using TLS over port 587. The UCC cert in question is assigned to SMTP...I have also confirmed that the client receive connector is configured to the following settings: Network Tab - port 587/465 on all V4/v6 addresses. Authentication Tab Checked Items are: TLS, Basic Auth, Exchange Server Auth, and Integrated Windows Auth. Permission Groups Tab: Anonymous and Exchange users are checked. The above settings are the same settings we have been using for 12+ months and were working before I removed the self-signed cert. Any idea why that would affect this? Thanks!