Jinesh Kumar Kochath
asked on
Exchange 2007 Event Id : 12018
Hi,
I am recently received a event id in exchange 2007 server as per the following :
Event Id : 12018
The STARTTLS certificate will expire soon: subject: kfex.kaeferme.local,
hours remaining: 18AC0DDF9EACDC42CF98CBCDB1 3211A465A9 2F9E.
Run the New-ExchangeCertificate cmdlet to create a new certificate.
Please let me know how can I resolve this issue. Also, if I renew my internal certificate, what will happen to our external certificate as we have published exchange via isa server 2006
I am recently received a event id in exchange 2007 server as per the following :
Event Id : 12018
The STARTTLS certificate will expire soon: subject: kfex.kaeferme.local,
hours remaining: 18AC0DDF9EACDC42CF98CBCDB1
Run the New-ExchangeCertificate cmdlet to create a new certificate.
Please let me know how can I resolve this issue. Also, if I renew my internal certificate, what will happen to our external certificate as we have published exchange via isa server 2006
The certificate on both the Exchange server and the ISA server should match.
As already mentioned you should be using a UCC/SAN certificate with Exchange 2007 and the certificate should include:
autodiscover.domainname.co m
owa.domainname.com (owa URL)
servername.domainname.loca l (internal FQDN of the server)
SERVERNAME (NETBIOS name of the server)
see my guide here on publishing Exchange with ISA: http://demazter.wordpress.com/publish-exchange-services-with-isa2006/
have a look here for further reference: http://www.exchangeinbox.com/article.aspx?i=114
As already mentioned you should be using a UCC/SAN certificate with Exchange 2007 and the certificate should include:
autodiscover.domainname.co
owa.domainname.com (owa URL)
servername.domainname.loca
SERVERNAME (NETBIOS name of the server)
see my guide here on publishing Exchange with ISA: http://demazter.wordpress.com/publish-exchange-services-with-isa2006/
have a look here for further reference: http://www.exchangeinbox.com/article.aspx?i=114
In the event ID 12018, yu would sethe certificate thumbprint mentioned
Run the below command
Get-exchangecertificate -thumbprint (Thumbprint mentioned in event 12018)
Then note the certificate is for SMTP, POP and which all services.
Then run the following command
Get-exchangecertificate -thumbprint (Thumbprint mentioned in event 12018) | new-exchangecertificate
Then it will prompt you if you are sure you would like to overwrite it say yes
Refer the below artilcle for any queries
http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html
Run the below command
Get-exchangecertificate -thumbprint (Thumbprint mentioned in event 12018)
Then note the certificate is for SMTP, POP and which all services.
Then run the following command
Get-exchangecertificate -thumbprint (Thumbprint mentioned in event 12018) | new-exchangecertificate
Then it will prompt you if you are sure you would like to overwrite it say yes
Refer the below artilcle for any queries
http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
hi shivkumar
excellent, i have done it before itself, but your answer was exacting matching to our requirements
keep it up, have a nice day
regards
Jinesh
excellent, i have done it before itself, but your answer was exacting matching to our requirements
keep it up, have a nice day
regards
Jinesh
ASKER
excellent
You are welcome sir, just to add run iisrest from command propmt after that.
If it is a commercial SSL certificate then you just need to replace it.
If you have used the self generated certificate then you need to start to plan how to replace it.
The best way would be to acquire a commercial SSL certificate. That will avoid the need to visit the users, as long as they are using a valid name in their RPC over HTTPs/Outlook Anywhere configuration.
Trying not to sound like my mother, but if you had deployed Exchange correctly, using a commercial SSL certificate then you wouldn't have this problem. Considering you can get SAN/UC certificates for less than US$100/year, trying to use self generated certificates is a false economy.