Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1483
  • Last Modified:

unable to create or edit certificates in exchange

For some reason there is no cert for the internal LAN FQDN exchange.domain.local so I'm trying to create one:
New-ExchangeCertificate -DomainName exchange.freefromhunger.office

but get an error:
[PS] C:\Documents and Settings\vn>New-ExchangeCertificate -DomainName exchange.freefromhunger.office
WARNING: An unexpected error has occurred and debug information is being generated: Name 192.168.67.3 is not a valid DNS name.
Parameter name: names
New-ExchangeCertificate : Name 192.168.67.3 is not a valid DNS name.
Parameter name: names
At line:1 char:24
+ New-ExchangeCertificate  <<<< -DomainName exchange.freefromhunger.office


This machine is also the sole DC. It was made the DC a few months ago so maybe the DNS problem is because of that? I've checked dns via dcdiag /v /e /TEST:DNS and resolved the one error about the old DC still being listed as a Delegated server.

Any ideas on how to get a new cert in there? The error that I'm ultimately trying to resolve is:
Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12014
Date:            11/22/2010
Time:            10:58:02 AM
User:            N/A
Computer:      EXCHANGE
Description:
Microsoft Exchange couldn't find a certificate that contains the domain name Exchange.freefromhunger.office in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Intra-Organization SMTP Send Connector with a FQDN parameter of Exchange.freefromhunger.office. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.


Thanks!
Roman
0
dcheest
Asked:
dcheest
  • 2
1 Solution
 
mittermuellerCommented:
Try taking the whole syntax. E.g.:  New-ExchangeCertificate -GenerateRequest -SubjectName "c=DE, o=test.de, cn=mail.test.de" -includeAutodiscover -IncludeAcceptedDomains -DomainName mail.test.de,XCHG-SRV,XCHG-SRV.intern.test.de -privatekeyexportable $true -Path c:\certrequest.txt
0
 
dcheestAuthor Commented:
Found that two of the other SMTP connectors had invalid FQDN's specified. Updated those to the internal FQDN and the command succeeded.
0
 
dcheestAuthor Commented:
Found the solution while waiting for a reply. Thanks anyways!
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now