EXchange Certificate Issues

Hi All.

Our client is running SBS2011 with Exchange 2010.

We have a error log as follows:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of XXXXXX.xxxx.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of XXXXXX.xxxx.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

This is clearly related to the the Exchange Certificates (Please see attached JPG) but I am confised how to resolve this issue.

As a little background - we have installed a 3rd Party SSL Certificate from GoDaddy that is working fine. I can see that we can renew this certificate through the Exchange console - but we are not sure where to re-new it from - its not Self-Signed and I dont know where to get it from.

Can anyone please throw some light on this for us.

Thank you
Regards
Andy Keen
LVL 1
AndyKeenAsked:
Who is Participating?
 
donnkCommented:
delete the expired certs using mmc then re-run both the cert wizard and the fix my network wizard
0
 
MaheshArchitectCommented:
Screen shot is missing

1st You need to check on Exchange server console, if this certificate is expired in its properties

Mahesh
0
 
AndyKeenAuthor Commented:
Hi MaheshPM

Sorry - selected it - forgot to upload :/

Please see attached and this should answer your question.

Thank you
Exchange-Certificates.jpg
0
 
MaheshArchitectCommented:
Yes all 3 certificates are expired and IMAP, POP and SMTP services are assgned to that.

All 3 certificates are issued fro internal CA installed in your network

since these is local Certificate, you can generate New CSR ( make sure to include all SAN Names which are in Existing Certificate) from Exchange 2010 , generate Certificate from your local CA for CSR
http://support.godaddy.com/help/article/6086/generating-a-certificate-signing-request-csr-exchange-server-2010  - Link for how to generate new CSR
http://dmaymigrations.blogspot.in/2011/02/how-to-install-cerificate-in-exchange.html  - Link for how to get certificate from internal CA against CSR

OR

you can renew the exchange certificate with the EMC or EMS. Please refer this document to do it:
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

In either case you need to generate certificate from internal CA server.

Once you install certifcate on exchange server, assign Exchange services to that certificate for all Exchange servers
Later on you can remove expired certificates if you generated new certs instead of renewing them

Mahesh
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.