Solved

Microsoft Exchange couldn't find a certificate

Posted on 2011-09-15
Last Modified: 2012-05-12
I am getting the following error and I am not sure what to do. I believe I need to add another certificate by using the New-ExchangeCertificate. Is this correct? Also, what do I do with the old ones? Do I delete them with Remove-ExchangeCertificate -Thumbprint (and use the numbers here)? I sure would appreciate any help with this. Thanks

This is the error I am getting

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12014
Date:            9/14/2011
Time:            5:54:04 PM
User:            N/A
Computer:      SERVER85
Description:
Microsoft Exchange couldn't find a certificate that contains the domain name server85.armornet.corp in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet_mail with a FQDN parameter of server85.domain.corp. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

These are some of the certificates currently there

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 8/5/2011 11:42:00 AM
NotBefore          : 8/5/2010 11:42:00 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : B03B6CAF0923E08B45FF7424CF61C921
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 0A64DDFA18BA99BE285E295A8D05E55BBDDEE884

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.local.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.local.com, O=domain corp, C=us
NotAfter           : 8/5/2011 5:40:01 PM
NotBefore          : 8/5/2010 11:40:01 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 4CA1049BC756B29E461133836E1681DD
Services           : None
Status             : Invalid
Subject            : CN=mail.local.com, O=domain.corp, C=us
Thumbprint         : 24C1C48F1582070A9B905AAA43E21551BDC84D92

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.local.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.local.com, O=domain corp, C=us
NotAfter           : 8/5/2011 5:35:45 PM
NotBefore          : 8/5/2010 11:35:45 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : F5B453D6C1906E9C4CDF8DDE02338DF1
Services           : None
Status             : Invalid
Subject            : CN=mail.local.com, O=domain corp, C=us
Thumbprint         : DA8C0D9C7BBA0423C876648017A9A020E6B36A67

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.local.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.local.com, O=domain corp, C=us
NotAfter           : 8/5/2011 5:34:50 PM
NotBefore          : 8/5/2010 11:34:50 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : A584CD271E5204A145B527A7F40F30C3
Services           : None
Status             : Invalid
Subject            : CN=mail.local.com, O=domain corp, C=us
Thumbprint         : 222E362BA49ADEF09E007C53BE4F097CB34E43BA

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 9/30/2010 10:09:06 AM
NotBefore          : 9/30/2009 10:09:06 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : ADC91D4B2D977BA24B1FBDADEB659A5D
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 8BB344D16CCDE5025E2011A29B875DC0908287B3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 9/30/2010 9:23:04 AM
NotBefore          : 9/30/2009 9:23:04 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 9ABDE0A3DEA224994930E4EAE77A9901
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 253AB54E0337BAE9E9B243225B139EBFCA898DAB

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 9/30/2010 9:21:27 AM
NotBefore          : 9/30/2009 9:21:27 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : A35A34F96123309C4945DB827F9D5814
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 9108222055721EFA7886AFEB6552CD7E42BBDD5D

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server85, server85.domain.corp}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server85
NotAfter           : 9/27/2008 12:12:08 PM
NotBefore          : 9/27/2007 12:12:08 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 3CEAE373DE9DEE934F75EB708BE5C971
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=server85
Thumbprint         : 6C04BD37249A63265CF14DCF678223B2942E3661
Question by:AD_Tech
5 Comments
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 36542583
Hello,

Unless you want to use TLS to encrypt email between your organization and a partner that uses TLS, you can ignore this error.

JJ
0
 
LVL 49

Accepted Solution

by:
Akhater earned 1000 total points
ID: 36542598
You can ignore it, or just run New-ExchangeCertificate and it will go away.
0
 

Author Comment

by:AD_Tech
ID: 36542617
Does it matter if the old ones stay?
0
 
LVL 37

Assisted Solution

by:Jamie McKillop
Jamie McKillop earned 1000 total points
ID: 36542666
It doesn't matter if the old ones are there, as you can only have one active at a time, but it would be a good idea to clean them up. To do so, issue the following command for each certificate you want to remove (changing the thumbprint to match the cert):

Remove-ExchangeCertificate -Thumbprint 157700393E5D76615E855A773CFA08AB5842DFB0

You can then open the Certificates MMC and remove the certificate from the Personal store of the server.

JJ
0
 

Author Comment

by:AD_Tech
ID: 36542860
Thanks guys I appreciate the help. I will add the new certificate and remove the old ones just to clean it up. Thanks again
0
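
Added example (not part of the original thread): every certificate in the listing above has a NotAfter date earlier than the 9/14/2011 event, so a quick audit against the connector FQDN shows which entries are expired and whether any certificate can still back STARTTLS. The function name Get-SmtpCertAudit, the helper New-SampleCert and the verdict labels are hypothetical; the third sample certificate and its placeholder thumbprint are constructed, and only exact name matches are checked.

```powershell
# Added example: classify certificates against a connector FQDN (exact name match only).
function Get-SmtpCertAudit {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Certificate,
        [Parameter(Mandatory = $true)] [string]   $Fqdn,
        [datetime] $Now = (Get-Date)
    )
    foreach ($c in $Certificate) {
        # Real Get-ExchangeCertificate objects hold typed values; stringify before comparing.
        $domains = @($c.CertificateDomains | ForEach-Object { "$_" })
        $expired = $c.NotAfter -le $Now
        $nameOk  = $domains -contains $Fqdn
        $smtp    = "$($c.Services)" -match 'SMTP'

        if     ($expired)           { $verdict = 'Expired' }
        elseif ($nameOk -and $smtp) { $verdict = 'UsableForStartTls' }
        elseif ($nameOk)            { $verdict = 'NeedsEnableForSmtp' }
        else                        { $verdict = 'NameMismatch' }

        New-Object PSObject -Property @{
            Thumbprint = $c.Thumbprint
            NotAfter   = $c.NotAfter
            Domains    = $domains -join ', '
            Verdict    = $verdict
        }
    }
}

# Constructed sample input: the first two objects copy fields from the listing in the
# question; the third is a hypothetical renewed certificate with a placeholder thumbprint.
function New-SampleCert($Thumbprint, $Domains, $Services, $NotAfter) {
    New-Object PSObject -Property @{ Thumbprint = $Thumbprint; CertificateDomains = $Domains
                                     Services = $Services; NotAfter = [datetime]$NotAfter }
}
$sample = @(
    (New-SampleCert '0A64DDFA18BA99BE285E295A8D05E55BBDDEE884' @('server85', 'server85.domain.corp') 'IMAP, POP, SMTP' '2011-08-05 11:42:00'),
    (New-SampleCert '24C1C48F1582070A9B905AAA43E21551BDC84D92' @('mail.local.com') 'None' '2011-08-05 17:40:01'),
    (New-SampleCert 'PLACEHOLDER_NEW_CERT_THUMBPRINT' @('server85', 'server85.domain.corp') 'SMTP' '2012-09-15 09:00:00')
)
Get-SmtpCertAudit -Certificate $sample -Fqdn 'server85.domain.corp' -Now ([datetime]'2011-09-14 17:54:04') |
    Select-Object Verdict, NotAfter, Domains, Thumbprint | Format-Table -AutoSize

# In the Exchange Management Shell, feed the real objects instead and preview the cleanup:
#   $audit = Get-SmtpCertAudit -Certificate (Get-ExchangeCertificate) -Fqdn 'server85.domain.corp'
#   $audit | Where-Object { $_.Verdict -eq 'Expired' } |
#       ForEach-Object { Remove-ExchangeCertificate -Thumbprint $_.Thumbprint -WhatIf }
```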
