stonneway
SMTP and wildcard SSL certs in Exchange 2010
Hi all,
We see the following error on our Exchange 2010 box, which is using a wildcard SSL for *.mydomain.com. I understand that SMTP and POP can't be set to use a wildcard SSL, but is there a way to disable the alerts somehow? They are filling up the event log.
Log Name: Application
Source: MSExchangeTransport
Date: 18/03/2010 06:17:55
Event ID: 12014
Task Category: TransportService
Level: Error
Keywords: Classic
User: N/A
Microsoft Exchange could not find a certificate that contains the domain name server.mydomain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default SERVER with a FQDN parameter of SERVER.mydomain.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Olly
Did you remove the self-signed certificate?
If you run get-exchangecertificate, what is the result?
ASKER
Thumbprint Services Subject
---------- -------- -------
35B14532FE4D108382BF32A928
ASKER CERTIFIED SOLUTION
ASKER
Thanks. That will generate a self-signed cert from what I remember. There's no chance of that overwriting the existing certificate?
No, it will not overwrite your existing certificate; it will just create a self-signed one to be created by SMTP.
ASKER
Thanks. I'll do that now and check it in the morning. Cheers
After you run it, issue a get-exchangecertificate again and paste the results.
ASKER
Thumbprint                                Services  Subject
----------                                --------  -------
A6E062309D6DEA6C6633F407452DE8995B9BC636  ....S.    CN=SERVER
35B14532FE4D108382BF32A928A983A86982EBD0  ...WS.    CN=*.mydomain.com, OU=Domain Control Validated, O=*.mydomain.com
Great, as you can see the self-signed certificate used only the SMTP service, and the generated one is still listed for IIS.
If you wanna make sure, restart your Microsoft Exchange Transport service and check if the warning appears again.
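The check that the event 12014 text asks for, as an added example that is not part of the original thread: it lists which SMTP-enabled certificates carry a name covering a connector's FQDN. The helper names, the sample domain lists, the placeholder thumbprints and the one-label wildcard rule are assumptions for illustration; the thread shows only each certificate's Subject, not its domain list.

```powershell
# Added example. Test-NameCoversFqdn and Find-CoveringCertificate are hypothetical helpers.
function Test-NameCoversFqdn {
    param([string]$CertName, [string]$Fqdn)
    $name   = $CertName.Trim().ToLowerInvariant()
    $target = $Fqdn.Trim().TrimEnd('.').ToLowerInvariant()
    if ($name -eq $target) { return $true }
    if ($name.StartsWith('*.')) {
        # Assumption: a wildcard stands for exactly one leftmost label.
        $suffix = $name.Substring(1)    # "*.mydomain.com" -> ".mydomain.com"
        if ($target.EndsWith($suffix)) {
            $left = $target.Substring(0, $target.Length - $suffix.Length)
            return (($left.Length -gt 0) -and (-not $left.Contains('.')))
        }
    }
    return $false
}

function Find-CoveringCertificate {
    param([string]$Fqdn, [object[]]$Certificates)
    $Certificates | Where-Object {
        $cert = $_
        $hits = @($cert.CertificateDomains | Where-Object { Test-NameCoversFqdn "$_" $Fqdn })
        ($cert.Services -match 'SMTP') -and ($hits.Count -gt 0)
    }
}

# Constructed sample data shaped like Get-ExchangeCertificate output.
$certs = @(
    (New-Object PSObject -Property @{
        Thumbprint = 'PLACEHOLDER-WILDCARD'; Services = 'IIS, SMTP'
        CertificateDomains = @('*.mydomain.com', 'mydomain.com') }),
    (New-Object PSObject -Property @{
        Thumbprint = 'PLACEHOLDER-SELFSIGNED'; Services = 'SMTP'
        CertificateDomains = @('SERVER', 'SERVER.mydomain.local') })
)

# FQDN taken from the event text; the second name is a constructed contrast case.
foreach ($fqdn in 'SERVER.mydomain.local', 'mail.mydomain.com') {
    $match = @(Find-CoveringCertificate -Fqdn $fqdn -Certificates $certs)
    if ($match.Count -eq 0) { Write-Output "$fqdn : no SMTP certificate covers this name" }
    else { $match | ForEach-Object { Write-Output "$fqdn : covered by $($_.Thumbprint)" } }
}

# On the Exchange server itself, feed it live data instead of the sample:
# Get-ReceiveConnector | ForEach-Object {
#     Find-CoveringCertificate -Fqdn "$($_.Fqdn)" -Certificates (Get-ExchangeCertificate) }
```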