There is no valid SMTP TLS certificate for the FQDN of...

Hi Guys

Noticed this morning I am getting an error on my exchange 2007 server

"There is no valid SMTP TLS certificate for the FQDN of exchange.whatever.com. The existing cert has expired..."

I understand there is a cmdlet to get a new cert, not sure what arguments to use or if its just as simply as running the cmdlet, and how to import the self signed cert afterwards.

Thanks
MysterhaysAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Just as simply as running cmdlet

Get-ExchangeCertificate -thumbprint thumbprintofcert | New-ExchangeCertificate

just sounds like your selfsigned has expired...you can ensure this by running:

get-exchangecertificate | fl    this will give you the details.
0
MysterhaysAuthor Commented:
where do I run this cmdlet?

sorry for the stupid question, this is new to me
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Its all good....here you go:
In the Exchange Management Shell:
Start -->  Program Files -->  Microsoft Exchange Server 2007 -->   Exchange Management Shell
 
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

MysterhaysAuthor Commented:
Yeah I figured that out

I am guessing the string in italics is the long thumbprint number.

the cert in question is still listed when I rerun get-exchangecertificate | fl

does it take time to be replaced?
0
MysterhaysAuthor Commented:
The other thing I notice is that for the property

isselfsigned the answer is false.

I am new to this company so I am beginning to wonder if they have a third party cert that expired here.
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
If you run get-exchangecertificate do you see multiple certs?   or get-exchangecertificate | fl
To replace it with a few one just make sure its enabled for IIS...ie
enable-exchangecertificate -thumbprint  thumbprintofcert -services IIS
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MysterhaysAuthor Commented:
I found that the certificate was actually redundant, there was another certificate doing the same job from a third party, so when they imported it they didn't blow away the old certificate. I just ended up removing the certificate.

using remove-exchangecertificate -thumbprint thumbprintnumber

Thanks again for your help, I've learned alot from this.
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Cool cool yes you once you start working in the shell it will come quickly.
0
Shreedhar EtteCommented:
Have you created the certificate using the command New-ExchangeCertificate?
0
Shreedhar EtteCommented:
ignore my comment
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.