Certificate error in app log

Posted on 2013-02-04
Medium Priority
Last Modified: 2013-02-04
I keep getting this message is my application log even though I do not seem to be having any issues with SMTP traffic: Microsoft Exchange could not find a certificate that contains the domain name mail.xxxxxxxxxx.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector XXXXXXXXXX Send Connector with a FQDN parameter of mail.XXXXXXXXXX.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Now when I go and loo at my certificates I have 5 in there, shouldn't there only be one in there to cover all the services?
Here is what I have in mine
1.Microsoft Exchange | True | The certificate is valid for Exchange Server usage | IMAP,POP,IIS,SMTP | CN=XXX-Exch1 | CN=XXX-Exch1 | 10/23/2017      
2.Microsoft Exchange | True | The certificate is valid for Exchange Server usage |  IMAP,POP,SMTP | CN-XXX-Exch1 | CN=XXX-Exch1 | 6/16/2017
3.Microsoft Exchange | True | The certificate is valid for Exchange Server usage | IMAP,POP,SMTP | CN=XXX-Exch1 | CN=XXX-Exch1 | 6/16/2017
4."no name" | True | The certificate is valid for Exchange Server usage | SMTP | CN=WMSvc-XXX-Exch1 | CN=WMSvc-XXX-Exch1 | 10/22/2017
5."no name" | True | The certificate is valid for Exchange Server usage | SMTP | CN=XXXX-XXX-Exch1-CA,DC=XXXXXX,DC=local |  CN=XXXX-XXX-Exch1-CA,DC=XXXXXX,DC=local |  10/1/2015
Question by:jrbower
  • 2

Author Comment

ID: 38851214
Also, the last certificate is the only one that is trusted! The rest all say "This CA Root Certificate is not trusted.To enable trust, install this certificate in the Trusted Root Certifications Authorities Store. Maybe I just need to be walk through this process. I cannot seem to get this to work.

Accepted Solution

jamesaskham earned 2000 total points
ID: 38851285
This error is nothing to be concerned about. It is basically informing you that STARTTLS won't work for SMTP (for example, if you have IMAP users and want them to send securely via your Exchange server using SMTP), which is most cases won't matter.

To resolve this, you'll need to get yourself a Third Party SSL certificate, import it into your server and then enable it for SMTP. However, it's not a problem to ignore this error message (assuming you don't want to use secure SMTP).

You can get SSL certificates from lots of places, and there are plenty of guides available to install it (such as http://goo.gl/TCKUi).



Author Closing Comment

ID: 38851298
Thank you very much. I did not think it was too big of a concern, but I wanted to make sure. Of course I may still consider getting a SSL certificate. What about the certificates that are not in the trusted root authorization store?



Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
Disk errors can be the source of sundry problems for the Exchange server, the most common one being that the database fails to mount.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question