Solved

Renew Self Signed Cert SBS 2008

Posted on 2014-09-22
Last Modified: 2014-10-12
Good day folks. I received this error:

"There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of SBSERVER01.mydomain.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of SBSERVER01.mydomain.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task."

A couple weeks ago I renewed the UCC SSL certificate for server.domain.com. And since there has been an "industry decision" to no longer include .local or intranet domain names within the SANs of SSL certificates, I'm now receiving an error about the self-signed certificate since my FQDN is server.domain.local.

Normally this wouldn't be too big of a deal, but since we're dealing with SBS 2008 this makes things a little different.

All of the AutoDiscover URLs, EWS, OAB, and critical virtual directories of Exchange are pointed to server.domain.com and not the .local. Yet the event viewer is still throwing up this error like it's going to cause a disruption in mail flow. I'm not sure whether I should believe it or not, but I'd like to at least renew the self-signed cert.

I would normally accomplish this by using the SBS Console. However, since SBS is wizard driven, I have a feeling that generating a self-signed cert through the "Add a trusted certificate" wizard will completely overwrite the cert I just renewed for the .COM.

Any advice would be greatly appreciated. Thank you.
Question by:cardscomp

Accepted Solution

by:
cardscomp earned 0 total points
ID: 40336470
I was able to resolve the issue simply by opening the Exchange Management Shell and running the "New-ExchangeCertificate" cmdlet.

It specifically said that "This certificate WILL NOT be used for external TLS connections" which is exactly what I wanted to avoid. Simply run that command and everything is good to go.
0
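An added example, not part of the original thread or written by its participants: a before/after audit around the renewal step in the accepted solution, confirming that the third-party certificate stays bound to IIS and that an unexpired SMTP certificate covers the internal name. The FQDN is the placeholder from the quoted error, and the `Get-CertAudit` helper is hypothetical.

```powershell
# Added example. Run in the Exchange Management Shell on the SBS server.
# Placeholder FQDN copied from the error text quoted in the question.
$internalFqdn = 'SBSERVER01.mydomain.local'

# Hypothetical helper: one row per Exchange certificate, with expiry and
# whether its domain list contains the internal FQDN.
function Get-CertAudit {
    param([string]$Fqdn)
    Get-ExchangeCertificate | Select-Object Thumbprint, Services, IsSelfSigned, NotAfter,
        @{Name = 'Expired';    Expression = { $_.NotAfter -lt (Get-Date) }},
        @{Name = 'CoversFqdn'; Expression = {
            @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $Fqdn }}
}

# Hypothetical helper: sorted thumbprints of certificates enabled for IIS.
function Get-IisThumbprints {
    param($Rows)
    $t = @($Rows | Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.Thumbprint } | Sort-Object)
    [string]::Join(',', $t)
}

# 1. Before: record which certificate serves IIS (the renewed third-party cert).
$before = @(Get-CertAudit -Fqdn $internalFqdn)
$before | Format-Table -AutoSize
$iisBefore = Get-IisThumbprints $before

# 2. Renew as in the accepted solution. With no parameters the cmdlet creates a
#    self-signed certificate; read any confirmation prompt before answering it.
New-ExchangeCertificate

# 3. After: the IIS binding must be unchanged, and an unexpired certificate
#    enabled for SMTP must now cover the internal FQDN.
$after = @(Get-CertAudit -Fqdn $internalFqdn)
$after | Format-Table -AutoSize
$smtpOk = @($after | Where-Object {
    $_.CoversFqdn -and -not $_.Expired -and "$($_.Services)" -match 'SMTP' })

if ((Get-IisThumbprints $after) -ne $iisBefore) {
    Write-Warning 'The certificate bound to IIS changed; re-check the public certificate.'
}
if ($smtpOk.Count -eq 0) {
    Write-Warning "No unexpired SMTP certificate covers $internalFqdn."
}
```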
 
LVL 5

Expert Comment

by:nashim khan
ID: 40338892
Hi,

Please see the link below; it will guide you for SBS.

http://www.petenetlive.com/KB/Article/0000535.htm

Thank you.
0
 

Author Closing Comment

by:cardscomp
ID: 40375474
It made the error go away.
0
