STARTTLS Certificate Expiration
Posted on 2011-03-08
On our Exchange 2007 server we had a certificate installed with the local FQDN of the server as an alternate name on the certificate (hp2.cmcfc.org). This certificate has expired and been removed from the system. We recently purchased a new multidomain SSL certificate and do not have the FQDN name of the server, just the external name (mail.domain.org).

We now receive Event 12014 stating that Exchange could not find a certificate that contains the domain name hp2.domain.org in the personal store on the local computer. Therefore it is unable to support the STARTTLS SMTP verb for the connector Outbound.

I am under the impression that you cannot change the FQDN to the external name on the send/receive connectors, so should I just disable the TLS checkbox on the send connector so we no longer see this error? Or how should I address this? SMTP is enabled for the certificate on Exchange, but it doesn't have the server name in the name list, so it is not recognized. I don't think we enforce TLS on our connections, so it may not be needed?