Solved

EXchange Certificate Issues

Posted on 2013-12-02
4
303 Views
Last Modified: 2014-01-14
Hi All.

Our client is running SBS2011 with Exchange 2010.

We have a error log as follows:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of XXXXXX.xxxx.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of XXXXXX.xxxx.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

This is clearly related to the the Exchange Certificates (Please see attached JPG) but I am confised how to resolve this issue.

As a little background - we have installed a 3rd Party SSL Certificate from GoDaddy that is working fine. I can see that we can renew this certificate through the Exchange console - but we are not sure where to re-new it from - its not Self-Signed and I dont know where to get it from.

Can anyone please throw some light on this for us.

Thank you
Regards
Andy Keen
0
Comment
Question by:AndyKeen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39689563
Screen shot is missing

1st You need to check on Exchange server console, if this certificate is expired in its properties

Mahesh
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39689566
Hi MaheshPM

Sorry - selected it - forgot to upload :/

Please see attached and this should answer your question.

Thank you
Exchange-Certificates.jpg
0
 
LVL 6

Accepted Solution

by:
donnk earned 500 total points
ID: 39689587
delete the expired certs using mmc then re-run both the cert wizard and the fix my network wizard
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39689592
Yes all 3 certificates are expired and IMAP, POP and SMTP services are assgned to that.

All 3 certificates are issued fro internal CA installed in your network

since these is local Certificate, you can generate New CSR ( make sure to include all SAN Names which are in Existing Certificate) from Exchange 2010 , generate Certificate from your local CA for CSR
http://support.godaddy.com/help/article/6086/generating-a-certificate-signing-request-csr-exchange-server-2010  - Link for how to generate new CSR
http://dmaymigrations.blogspot.in/2011/02/how-to-install-cerificate-in-exchange.html  - Link for how to get certificate from internal CA against CSR

OR

you can renew the exchange certificate with the EMC or EMS. Please refer this document to do it:
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

In either case you need to generate certificate from internal CA server.

Once you install certifcate on exchange server, assign Exchange services to that certificate for all Exchange servers
Later on you can remove expired certificates if you generated new certs instead of renewing them

Mahesh
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question