Solved

EXchange Certificate Issues

Posted on 2013-12-02
4
293 Views
Last Modified: 2014-01-14
Hi All.

Our client is running SBS2011 with Exchange 2010.

We have a error log as follows:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of XXXXXX.xxxx.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of XXXXXX.xxxx.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

This is clearly related to the the Exchange Certificates (Please see attached JPG) but I am confised how to resolve this issue.

As a little background - we have installed a 3rd Party SSL Certificate from GoDaddy that is working fine. I can see that we can renew this certificate through the Exchange console - but we are not sure where to re-new it from - its not Self-Signed and I dont know where to get it from.

Can anyone please throw some light on this for us.

Thank you
Regards
Andy Keen
0
Comment
Question by:AndyKeen
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Screen shot is missing

1st You need to check on Exchange server console, if this certificate is expired in its properties

Mahesh
0
 
LVL 1

Author Comment

by:AndyKeen
Comment Utility
Hi MaheshPM

Sorry - selected it - forgot to upload :/

Please see attached and this should answer your question.

Thank you
Exchange-Certificates.jpg
0
 
LVL 6

Accepted Solution

by:
donnk earned 500 total points
Comment Utility
delete the expired certs using mmc then re-run both the cert wizard and the fix my network wizard
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Yes all 3 certificates are expired and IMAP, POP and SMTP services are assgned to that.

All 3 certificates are issued fro internal CA installed in your network

since these is local Certificate, you can generate New CSR ( make sure to include all SAN Names which are in Existing Certificate) from Exchange 2010 , generate Certificate from your local CA for CSR
http://support.godaddy.com/help/article/6086/generating-a-certificate-signing-request-csr-exchange-server-2010  - Link for how to generate new CSR
http://dmaymigrations.blogspot.in/2011/02/how-to-install-cerificate-in-exchange.html  - Link for how to get certificate from internal CA against CSR

OR

you can renew the exchange certificate with the EMC or EMS. Please refer this document to do it:
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

In either case you need to generate certificate from internal CA server.

Once you install certifcate on exchange server, assign Exchange services to that certificate for all Exchange servers
Later on you can remove expired certificates if you generated new certs instead of renewing them

Mahesh
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party utiā€¦
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now