Does anyone have experience with Keycloak realm settings for email successfully getting TLS and Authentication working with Exchange server? I’m running the latest Keycloak version and have an on-premise Exchange 2013 server and a receive connector with the following settings:
Authentication: TLS, Externally Secured (for relaying to external email addresses)
Permission Groups: Exchange Servers, Exchange Users
Scoping: Internal IP address of Keycloak server, Binding to All IPv4 on port 587
FQDN: public DNS name for mail server
In Keycloak – Realm Settings – Email, the following:
Host: our public DNS name for mail server
Port: 587
Enable Authentication: ON
Username: DOMAIN\username
Password: thepassword
I can send email just fine this way. When I turn on Enable StartTLS in Realm email settings, I cannot send emails. In Exchange I get the following in the logs:
TLS negotiation failed with error CertUnknown
The certificate Exchange is presenting is a valid wildcard domain cert from GoDaddy.
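"CertUnknown" is the name of the TLS certificate_unknown alert, which is sent by the client (here, Keycloak's JVM) when it rejects the certificate the server presented, so the next thing to look at is what Exchange actually sends on port 587 and whether it verifies. The following shell script is an added example, not from the original post or from Keycloak or Exchange: it opens an SMTP session, upgrades it with STARTTLS the way a mail client does, dumps the chain the server sends, and turns OpenSSL's verify result into a plain verdict. The host name and port are supplied by the caller; it assumes openssl 1.1.0 or newer (for `-verify_hostname`).

```shell
#!/bin/sh
# Added example, not from the original post: probe an SMTP submission port the
# way Keycloak's mail client does (EHLO, then STARTTLS) and report what OpenSSL
# makes of the certificate chain. Host and port come from the caller; only the
# default port 587 is taken from the post. Requires openssl 1.1.0 or newer.
set -eu

# Open an SMTP session, upgrade it with STARTTLS and dump the handshake,
# including every certificate the server sent (-showcerts).
fetch_smtp_chain() {
  host=$1
  port=${2:-587}
  openssl s_client -starttls smtp -connect "$host:$port" \
    -servername "$host" -verify_hostname "$host" -showcerts </dev/null 2>/dev/null
}

# Count the certificates the server actually sent (reads s_client output on
# stdin). A leaf-only chain (1) from a public CA is the classic cause of
# "unable to verify the first certificate": the intermediate is not being sent.
chain_depth() {
  grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

# Turn OpenSSL's "Verify return code: N (...)" line (stdin) into a verdict.
# N is the X509_V_ERR_* value OpenSSL prints; only the codes that commonly
# show up on a mail-server chain are spelled out.
classify_verify() {
  code=$(sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1)
  case "${code:-none}" in
    0)     echo "ok: chain verifies against the local CA bundle" ;;
    10)    echo "fail: certificate has expired" ;;
    18|19) echo "fail: self-signed certificate in chain" ;;
    20)    echo "fail: issuer not found locally (root missing from trust store or chain incomplete)" ;;
    21)    echo "fail: server sent only the leaf, no intermediate (unable to verify the first certificate)" ;;
    62)    echo "fail: hostname does not match the certificate" ;;
    none)  echo "error: no TLS handshake result in input (STARTTLS refused or connection failed?)" ;;
    *)     echo "fail: openssl verify error $code" ;;
  esac
}

# Usage: ./smtp_tls_check.sh mail.example.com [587]
# With no arguments the script only defines the functions above.
if [ -n "${1:-}" ]; then
  out=$(fetch_smtp_chain "$1" "${2:-587}") || true
  # The "Certificate chain" section lists subject (s:) and issuer (i:) per cert.
  printf '%s\n' "$out" | sed -n '/^Certificate chain/,/^---/p'
  printf 'certificates sent: %s\n' "$(printf '%s\n' "$out" | chain_depth)"
  printf '%s\n' "$out" | classify_verify
fi
```

Two caveats when reading the result. OpenSSL verifies against the operating system's CA bundle, while Keycloak verifies against the JVM's own truststore, so a GoDaddy chain that passes here can still be rejected by Keycloak if that truststore lacks the GoDaddy root; conversely, a result of 21 with only one certificate sent is a server-side problem, since Windows builds the chain it presents from the certificate stores on the Exchange server and will not send an intermediate it does not have. Also check that the name you put in the Keycloak Host field is one of the names on the wildcard certificate, since a hostname mismatch is rejected just as firmly as an untrusted chain.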