?
Solved

Certificate error in app log

Posted on 2013-02-04
3
Medium Priority
?
338 Views
Last Modified: 2013-02-04
I keep getting this message is my application log even though I do not seem to be having any issues with SMTP traffic: Microsoft Exchange could not find a certificate that contains the domain name mail.xxxxxxxxxx.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector XXXXXXXXXX Send Connector with a FQDN parameter of mail.XXXXXXXXXX.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Now when I go and loo at my certificates I have 5 in there, shouldn't there only be one in there to cover all the services?
Here is what I have in mine
1.Microsoft Exchange | True | The certificate is valid for Exchange Server usage | IMAP,POP,IIS,SMTP | CN=XXX-Exch1 | CN=XXX-Exch1 | 10/23/2017      
2.Microsoft Exchange | True | The certificate is valid for Exchange Server usage |  IMAP,POP,SMTP | CN-XXX-Exch1 | CN=XXX-Exch1 | 6/16/2017
3.Microsoft Exchange | True | The certificate is valid for Exchange Server usage | IMAP,POP,SMTP | CN=XXX-Exch1 | CN=XXX-Exch1 | 6/16/2017
4."no name" | True | The certificate is valid for Exchange Server usage | SMTP | CN=WMSvc-XXX-Exch1 | CN=WMSvc-XXX-Exch1 | 10/22/2017
5."no name" | True | The certificate is valid for Exchange Server usage | SMTP | CN=XXXX-XXX-Exch1-CA,DC=XXXXXX,DC=local |  CN=XXXX-XXX-Exch1-CA,DC=XXXXXX,DC=local |  10/1/2015
0
Comment
Question by:jrbower
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:jrbower
ID: 38851214
Also, the last certificate is the only one that is trusted! The rest all say "This CA Root Certificate is not trusted.To enable trust, install this certificate in the Trusted Root Certifications Authorities Store. Maybe I just need to be walk through this process. I cannot seem to get this to work.
0
 
LVL 3

Accepted Solution

by:
jamesaskham earned 2000 total points
ID: 38851285
This error is nothing to be concerned about. It is basically informing you that STARTTLS won't work for SMTP (for example, if you have IMAP users and want them to send securely via your Exchange server using SMTP), which is most cases won't matter.

To resolve this, you'll need to get yourself a Third Party SSL certificate, import it into your server and then enable it for SMTP. However, it's not a problem to ignore this error message (assuming you don't want to use secure SMTP).

You can get SSL certificates from lots of places, and there are plenty of guides available to install it (such as http://goo.gl/TCKUi).

Cheers

James
0
 

Author Closing Comment

by:jrbower
ID: 38851298
Thank you very much. I did not think it was too big of a concern, but I wanted to make sure. Of course I may still consider getting a SSL certificate. What about the certificates that are not in the trusted root authorization store?

Thanks,

John
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question