Solved

No valid SMTP Transport Layer Security (TLS) Certificate for the FQDN of.

Posted on 2014-04-30
5
5,134 Views
Last Modified: 2014-05-01
I am getting an error: No valid SMTP Transport Layer Security (TLS) Certificate for the FQDN of... The existing certificate for the FQDN has expired. Is this needed? we have a 3rd Party SSL?
0
Comment
Question by:mspencer100
5 Comments
 
LVL 28

Expert Comment

by:becraig
Comment Utility
Sounds like you update your certificate but did not update the server.

Get the thumbprint for the new cert and run the command below:

enable-exchangecertificate -thumbprint xxxxxx-services SMTP, IMAP, POP, IIS
1
 

Author Comment

by:mspencer100
Comment Utility
the 4rd party SSL has beeb aplied but it looks like we have a FQDN for the internal server, i.e. "internalemalservername.dominname.com" the 3rd party SSL is for mail.domainname.com. as i look at the connectors it looks to DNS to resolve MX so it looks like for local users they are being taken to internalemalservername.dominname.com via DNS and redirected by MX to the mail server via FQDN mail.domainname.com?
Thoughts on why this was set up this way? How to fix?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
where does your autodiscover point to?  You do know that you should have purchased a SAN certificate that covers all of the mail bases
mail.domain.com
autodiscover.domain.com
you should create the request on the Exchange server

helpful links
http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
0
 
LVL 28

Accepted Solution

by:
becraig earned 250 total points
Comment Utility
I agree with David, if it is not too late I would look into getting a SAN cert with the fqdns you need to resolve.

We can fix this otherwise, but the potential for a headache down the road should be avoided now by replacing the certificate.


Follow the steps here for a SAN request.
http://www.entrust.net/knowledge-base/technote.cfm?tn=8293
Do any of your internal urls point to a .local domain or do they all correctly point to .com?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
Comment Utility
This is a common problem because Exchange needs an SSL certificate with the server FQDN on it for internal transport flow using SSL.

As such, the easiest fix is to run

new-exchangecertificate

No other switches. You will get prompted to replace the default SMTP certificate. Say yes to that and the error will go away.
You can then remove the expired SSL certificate using get-exchangecertificate to view them, then remove-exchangecertificate to remove it.

No need to replace the SSL certificate you already have.

Simon.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now