Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

No valid SMTP Transport Layer Security (TLS) Certificate for the FQDN of.

Posted on 2014-04-30
5
Medium Priority
?
5,522 Views
Last Modified: 2014-05-01
I am getting an error: No valid SMTP Transport Layer Security (TLS) Certificate for the FQDN of... The existing certificate for the FQDN has expired. Is this needed? we have a 3rd Party SSL?
0
Comment
Question by:mspencer100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40032705
Sounds like you update your certificate but did not update the server.

Get the thumbprint for the new cert and run the command below:

enable-exchangecertificate -thumbprint xxxxxx-services SMTP, IMAP, POP, IIS
1
 

Author Comment

by:mspencer100
ID: 40032758
the 4rd party SSL has beeb aplied but it looks like we have a FQDN for the internal server, i.e. "internalemalservername.dominname.com" the 3rd party SSL is for mail.domainname.com. as i look at the connectors it looks to DNS to resolve MX so it looks like for local users they are being taken to internalemalservername.dominname.com via DNS and redirected by MX to the mail server via FQDN mail.domainname.com?
Thoughts on why this was set up this way? How to fix?
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40033072
where does your autodiscover point to?  You do know that you should have purchased a SAN certificate that covers all of the mail bases
mail.domain.com
autodiscover.domain.com
you should create the request on the Exchange server

helpful links
http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
0
 
LVL 29

Accepted Solution

by:
becraig earned 1000 total points
ID: 40033335
I agree with David, if it is not too late I would look into getting a SAN cert with the fqdns you need to resolve.

We can fix this otherwise, but the potential for a headache down the road should be avoided now by replacing the certificate.


Follow the steps here for a SAN request.
http://www.entrust.net/knowledge-base/technote.cfm?tn=8293
Do any of your internal urls point to a .local domain or do they all correctly point to .com?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1000 total points
ID: 40034329
This is a common problem because Exchange needs an SSL certificate with the server FQDN on it for internal transport flow using SSL.

As such, the easiest fix is to run

new-exchangecertificate

No other switches. You will get prompted to replace the default SMTP certificate. Say yes to that and the error will go away.
You can then remove the expired SSL certificate using get-exchangecertificate to view them, then remove-exchangecertificate to remove it.

No need to replace the SSL certificate you already have.

Simon.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question