Solved

Certificate error in app log

Posted on 2013-02-04
3
329 Views
Last Modified: 2013-02-04
I keep getting this message is my application log even though I do not seem to be having any issues with SMTP traffic: Microsoft Exchange could not find a certificate that contains the domain name mail.xxxxxxxxxx.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector XXXXXXXXXX Send Connector with a FQDN parameter of mail.XXXXXXXXXX.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Now when I go and loo at my certificates I have 5 in there, shouldn't there only be one in there to cover all the services?
Here is what I have in mine
1.Microsoft Exchange | True | The certificate is valid for Exchange Server usage | IMAP,POP,IIS,SMTP | CN=XXX-Exch1 | CN=XXX-Exch1 | 10/23/2017      
2.Microsoft Exchange | True | The certificate is valid for Exchange Server usage |  IMAP,POP,SMTP | CN-XXX-Exch1 | CN=XXX-Exch1 | 6/16/2017
3.Microsoft Exchange | True | The certificate is valid for Exchange Server usage | IMAP,POP,SMTP | CN=XXX-Exch1 | CN=XXX-Exch1 | 6/16/2017
4."no name" | True | The certificate is valid for Exchange Server usage | SMTP | CN=WMSvc-XXX-Exch1 | CN=WMSvc-XXX-Exch1 | 10/22/2017
5."no name" | True | The certificate is valid for Exchange Server usage | SMTP | CN=XXXX-XXX-Exch1-CA,DC=XXXXXX,DC=local |  CN=XXXX-XXX-Exch1-CA,DC=XXXXXX,DC=local |  10/1/2015
0
Comment
Question by:jrbower
  • 2
3 Comments
 

Author Comment

by:jrbower
ID: 38851214
Also, the last certificate is the only one that is trusted! The rest all say "This CA Root Certificate is not trusted.To enable trust, install this certificate in the Trusted Root Certifications Authorities Store. Maybe I just need to be walk through this process. I cannot seem to get this to work.
0
 
LVL 3

Accepted Solution

by:
jamesaskham earned 500 total points
ID: 38851285
This error is nothing to be concerned about. It is basically informing you that STARTTLS won't work for SMTP (for example, if you have IMAP users and want them to send securely via your Exchange server using SMTP), which is most cases won't matter.

To resolve this, you'll need to get yourself a Third Party SSL certificate, import it into your server and then enable it for SMTP. However, it's not a problem to ignore this error message (assuming you don't want to use secure SMTP).

You can get SSL certificates from lots of places, and there are plenty of guides available to install it (such as http://goo.gl/TCKUi).

Cheers

James
0
 

Author Closing Comment

by:jrbower
ID: 38851298
Thank you very much. I did not think it was too big of a concern, but I wanted to make sure. Of course I may still consider getting a SSL certificate. What about the certificates that are not in the trusted root authorization store?

Thanks,

John
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
as logs exchange 2010 7 30
exchange, outlook 8 58
Exchange sendin sPAMs to Smart Host 2 23
Exchange 2013 DAG maintenance question 1 18
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now