Solved

No valid SMTP Transport Layer Security (TLS) Certificate for the FQDN of.

Posted on 2014-04-30
Last Modified: 2014-05-01
I am getting an error: No valid SMTP Transport Layer Security (TLS) Certificate for the FQDN of... The existing certificate for the FQDN has expired. Is this needed? We have a 3rd party SSL?
Question by:mspencer100
5 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40032705
Sounds like you updated your certificate but did not update the server.

Get the thumbprint for the new cert and run the command below:

enable-exchangecertificate -thumbprint xxxxxx -services SMTP, IMAP, POP, IIS
 

Author Comment

by:mspencer100
ID: 40032758
The 3rd party SSL has been applied, but it looks like we have a FQDN for the internal server, i.e. "internalemalservername.dominname.com"; the 3rd party SSL is for mail.domainname.com. As I look at the connectors, it looks to DNS to resolve MX, so it looks like for local users they are being taken to internalemalservername.dominname.com via DNS and redirected by MX to the mail server via FQDN mail.domainname.com?
Thoughts on why this was set up this way? How to fix?
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40033072
Where does your autodiscover point to? You do know that you should have purchased a SAN certificate that covers all of the mail bases:
mail.domain.com
autodiscover.domain.com
You should create the request on the Exchange server.

Helpful links:
http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
 
LVL 29

Accepted Solution

by:
becraig earned 1000 total points
ID: 40033335
I agree with David; if it is not too late, I would look into getting a SAN cert with the FQDNs you need to resolve.

We can fix this otherwise, but the potential for a headache down the road should be avoided now by replacing the certificate.


Follow the steps here for a SAN request.
http://www.entrust.net/knowledge-base/technote.cfm?tn=8293
Do any of your internal URLs point to a .local domain or do they all correctly point to .com?
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1000 total points
ID: 40034329
This is a common problem because Exchange needs an SSL certificate with the server FQDN on it for internal transport flow using SSL.

As such, the easiest fix is to run

new-exchangecertificate

No other switches. You will get prompted to replace the default SMTP certificate. Say yes to that and the error will go away.
You can then remove the expired SSL certificate using get-exchangecertificate to view them, then remove-exchangecertificate to remove it.

No need to replace the SSL certificate you already have.

Simon.
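
The check the answers above turn on, as an added example that is not code from this thread: given certificate objects shaped like Get-ExchangeCertificate output, it reports whether any certificate is unexpired, enabled for SMTP and carries the FQDN in question. The function name, host names, thumbprint placeholders and dates are constructed, and PowerShell 3.0 or later is assumed; it approximates the condition in the error message and is not Exchange's own selection logic.

```powershell
# Added example, not from the thread. All sample values are constructed.
function Test-SmtpTlsCertificate {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Certificate,  # shaped like Get-ExchangeCertificate output
        [Parameter(Mandatory = $true)] [string]   $Fqdn,         # FQDN named in the TLS error
        [datetime] $Now = (Get-Date)
    )
    foreach ($cert in $Certificate) {
        # A name covers the FQDN if it matches exactly, or is a wildcard
        # that stands in for exactly one left-most label.
        $covers = $false
        foreach ($domain in $cert.CertificateDomains) {
            $name = "$domain"
            if ($name -ieq $Fqdn) { $covers = $true }
            elseif ($name.StartsWith('*.') -and $Fqdn.Contains('.') -and
                    ($Fqdn.Substring($Fqdn.IndexOf('.')) -ieq $name.Substring(1))) { $covers = $true }
        }
        $smtp    = "$($cert.Services)" -match 'SMTP'   # Services is a flags value, e.g. "IIS, SMTP"
        $expired = $cert.NotAfter -lt $Now
        [pscustomobject]@{
            Thumbprint       = $cert.Thumbprint
            NotAfter         = $cert.NotAfter
            CoversFqdn       = $covers
            SmtpEnabled      = $smtp
            Expired          = $expired
            UsableForSmtpTls = ($covers -and $smtp -and -not $expired)
        }
    }
}

# Constructed inventory mirroring the thread: an expired certificate that carries
# the internal server FQDN, and a valid third-party certificate for the public name only.
$sample = @(
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-INTERNAL'; Services = 'SMTP'
                       NotAfter = [datetime]'2014-04-15'
                       CertificateDomains = @('exch01', 'exch01.corp.example.com') },
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-THIRDPARTY'; Services = 'IIS, SMTP'
                       NotAfter = [datetime]'2015-03-01'
                       CertificateDomains = @('mail.example.com') }
)

$report = Test-SmtpTlsCertificate -Certificate $sample -Fqdn 'exch01.corp.example.com' -Now ([datetime]'2014-05-01')
$report | Format-Table -AutoSize
if (-not ($report | Where-Object { $_.UsableForSmtpTls })) {
    Write-Warning 'No unexpired SMTP-enabled certificate carries this FQDN.'
}

# On an Exchange server (Exchange Management Shell), feed it the real inventory:
#   Test-SmtpTlsCertificate -Certificate (Get-ExchangeCertificate) -Fqdn '<server FQDN>'
```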
Question has a verified solution.