Solved

EXchange Certificate Issues

Posted on 2013-12-02
4
294 Views
Last Modified: 2014-01-14
Hi All.

Our client is running SBS2011 with Exchange 2010.

We have a error log as follows:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of XXXXXX.xxxx.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of XXXXXX.xxxx.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

This is clearly related to the the Exchange Certificates (Please see attached JPG) but I am confised how to resolve this issue.

As a little background - we have installed a 3rd Party SSL Certificate from GoDaddy that is working fine. I can see that we can renew this certificate through the Exchange console - but we are not sure where to re-new it from - its not Self-Signed and I dont know where to get it from.

Can anyone please throw some light on this for us.

Thank you
Regards
Andy Keen
0
Comment
Question by:AndyKeen
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 39689563
Screen shot is missing

1st You need to check on Exchange server console, if this certificate is expired in its properties

Mahesh
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 39689566
Hi MaheshPM

Sorry - selected it - forgot to upload :/

Please see attached and this should answer your question.

Thank you
Exchange-Certificates.jpg
0
 
LVL 6

Accepted Solution

by:
donnk earned 500 total points
ID: 39689587
delete the expired certs using mmc then re-run both the cert wizard and the fix my network wizard
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39689592
Yes all 3 certificates are expired and IMAP, POP and SMTP services are assgned to that.

All 3 certificates are issued fro internal CA installed in your network

since these is local Certificate, you can generate New CSR ( make sure to include all SAN Names which are in Existing Certificate) from Exchange 2010 , generate Certificate from your local CA for CSR
http://support.godaddy.com/help/article/6086/generating-a-certificate-signing-request-csr-exchange-server-2010  - Link for how to generate new CSR
http://dmaymigrations.blogspot.in/2011/02/how-to-install-cerificate-in-exchange.html  - Link for how to get certificate from internal CA against CSR

OR

you can renew the exchange certificate with the EMC or EMS. Please refer this document to do it:
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

In either case you need to generate certificate from internal CA server.

Once you install certifcate on exchange server, assign Exchange services to that certificate for all Exchange servers
Later on you can remove expired certificates if you generated new certs instead of renewing them

Mahesh
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Send secure, cloud-based, encrypted alerts and maintain HIPAA compliant messaging. Integrates priority & secure messaging into one application. Ensures IT, emergency respondents and healthcare professionals that their critical messages are never mis…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now