Solved

EXchange Certificate Issues

Posted on 2013-12-02
4
300 Views
Last Modified: 2014-01-14
Hi All.

Our client is running SBS2011 with Exchange 2010.

We have a error log as follows:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of XXXXXX.xxxx.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of XXXXXX.xxxx.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

This is clearly related to the the Exchange Certificates (Please see attached JPG) but I am confised how to resolve this issue.

As a little background - we have installed a 3rd Party SSL Certificate from GoDaddy that is working fine. I can see that we can renew this certificate through the Exchange console - but we are not sure where to re-new it from - its not Self-Signed and I dont know where to get it from.

Can anyone please throw some light on this for us.

Thank you
Regards
Andy Keen
0
Comment
Question by:AndyKeen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39689563
Screen shot is missing

1st You need to check on Exchange server console, if this certificate is expired in its properties

Mahesh
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39689566
Hi MaheshPM

Sorry - selected it - forgot to upload :/

Please see attached and this should answer your question.

Thank you
Exchange-Certificates.jpg
0
 
LVL 6

Accepted Solution

by:
donnk earned 500 total points
ID: 39689587
delete the expired certs using mmc then re-run both the cert wizard and the fix my network wizard
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39689592
Yes all 3 certificates are expired and IMAP, POP and SMTP services are assgned to that.

All 3 certificates are issued fro internal CA installed in your network

since these is local Certificate, you can generate New CSR ( make sure to include all SAN Names which are in Existing Certificate) from Exchange 2010 , generate Certificate from your local CA for CSR
http://support.godaddy.com/help/article/6086/generating-a-certificate-signing-request-csr-exchange-server-2010  - Link for how to generate new CSR
http://dmaymigrations.blogspot.in/2011/02/how-to-install-cerificate-in-exchange.html  - Link for how to get certificate from internal CA against CSR

OR

you can renew the exchange certificate with the EMC or EMS. Please refer this document to do it:
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

In either case you need to generate certificate from internal CA server.

Once you install certifcate on exchange server, assign Exchange services to that certificate for all Exchange servers
Later on you can remove expired certificates if you generated new certs instead of renewing them

Mahesh
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question