No valid SMTP Transport Layer Security (TLS) Certificate for the FQDN of.

I am getting an error: No valid SMTP Transport Layer Security (TLS) Certificate for the FQDN of... The existing certificate for the FQDN has expired. Is this needed? we have a 3rd Party SSL?
mspencer100Asked:
Who is Participating?
 
becraigConnect With a Mentor Commented:
I agree with David, if it is not too late I would look into getting a SAN cert with the fqdns you need to resolve.

We can fix this otherwise, but the potential for a headache down the road should be avoided now by replacing the certificate.


Follow the steps here for a SAN request.
http://www.entrust.net/knowledge-base/technote.cfm?tn=8293
Do any of your internal urls point to a .local domain or do they all correctly point to .com?
0
 
becraigCommented:
Sounds like you update your certificate but did not update the server.

Get the thumbprint for the new cert and run the command below:

enable-exchangecertificate -thumbprint xxxxxx-services SMTP, IMAP, POP, IIS
1
 
mspencer100Author Commented:
the 4rd party SSL has beeb aplied but it looks like we have a FQDN for the internal server, i.e. "internalemalservername.dominname.com" the 3rd party SSL is for mail.domainname.com. as i look at the connectors it looks to DNS to resolve MX so it looks like for local users they are being taken to internalemalservername.dominname.com via DNS and redirected by MX to the mail server via FQDN mail.domainname.com?
Thoughts on why this was set up this way? How to fix?
0
 
David Johnson, CD, MVPOwnerCommented:
where does your autodiscover point to?  You do know that you should have purchased a SAN certificate that covers all of the mail bases
mail.domain.com
autodiscover.domain.com
you should create the request on the Exchange server

helpful links
http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
0
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
This is a common problem because Exchange needs an SSL certificate with the server FQDN on it for internal transport flow using SSL.

As such, the easiest fix is to run

new-exchangecertificate

No other switches. You will get prompted to replace the default SMTP certificate. Say yes to that and the error will go away.
You can then remove the expired SSL certificate using get-exchangecertificate to view them, then remove-exchangecertificate to remove it.

No need to replace the SSL certificate you already have.

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.