Exchange 2013, how do I assign a certificate to the SMTP site?

We have an on-prem Exchange 2013 environment and we are seeing a gazillion Schannel errors in the log. When I look it up, the info online says I can safely ignore it and that, to make the error stop, I can assign a certificate to the SMTP site.

Well, how exactly do I do that in Exchange 2013?  

Our CAS servers are split off from our mailbox servers.

We have certificates on our servers for OWA, etc.  So, I'm interested in making this event 36871 go away.

Thank you.

Cliff
crp0499 (CEO) Asked:
 
Ronin Commented:
"My two cas servers have certs assigned. Do I need to assign the same cert to the two mail box servers?"
It's recommended that you deploy Exchange with both roles (CAS + MBX) and do not separate them; however, if you are already there, the answer is no. Only the CAS needs the cert applied.
0
 
Tom Cieslik (IT Engineer) Commented:
Event ID 36871: A Fatal Error Occurred While Creating An SSL (client or server) Credential
This behavior is caused by the SMTP service processing an incoming EHLO command if no certificate is assigned to an SMTP site. This message is logged twice, once when the SMTP service starts, and once when the first EHLO command is received.
Simple Mail Transfer Protocol (SMTP) controls how email is transported and then delivered across the Internet to the destination server. The SMTP EHLO command enables the server to identify its support for Extended Simple Mail Transfer Protocol (ESMTP) commands.

This is an erroneous Event log entry. You can safely ignore this message. To prevent this Event log entry, you must assign a certificate to the SMTP site.
0
 
crp0499 (CEO, Author) Commented:
Great.  I have that exact same info.  I'm asking HOW to assign a certificate to the SMTP site?  :)  I don't want to ignore the error.  I want to fix the error.
0

 
Tom Cieslik (IT Engineer) Commented:
In the Exchange Administration Center, navigate to Servers -> Certificates and choose the server that has the SSL certificate you wish to assign. The certificate must already be in a valid status before you can proceed further.

Maybe a server restart will be required.

You can find the step-by-step instructions here:

https://practical365.com/exchange-server/exchange-2013-assign-ssl-certificate-to-services/
0
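The EAC steps in the answer above can also be done from the Exchange Management Shell. The following is an added example, not part of the original thread: the function name Set-SmtpCertificate is hypothetical, and the server name and thumbprint in the usage comment are placeholders to replace with your own values.

```powershell
# Added example. Run in the Exchange Management Shell on Exchange 2013.
# Set-SmtpCertificate is a hypothetical helper name, not an Exchange cmdlet.
function Set-SmtpCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)][string]$Thumbprint
    )

    # Fetch the certificate from the target server's store.
    $cert = Get-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint

    # Same precondition the EAC enforces: the certificate must be valid.
    if ($cert.Status -ne 'Valid') {
        throw "Certificate status is '$($cert.Status)', expected 'Valid'."
    }
    if ($cert.NotAfter -le (Get-Date)) {
        throw "Certificate expired on $($cert.NotAfter)."
    }
    # Without the private key the server cannot use it for TLS.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate has no private key on $Server."
    }

    # Services is a flags value such as 'IIS, SMTP'; skip if SMTP is already set.
    if ("$($cert.Services)" -match 'SMTP') {
        Write-Host "SMTP is already assigned to $Thumbprint on $Server."
        return
    }

    # -Force is deliberately omitted so the prompt about replacing the
    # default SMTP certificate is shown to the administrator.
    Enable-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint -Services SMTP

    # Confirm the result.
    Get-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint |
        Format-List Thumbprint, Subject, Services, Status, NotAfter
}

# List what is installed first, then assign (placeholder values):
# Get-ExchangeCertificate -Server 'CAS01' |
#     Format-Table Thumbprint, Subject, Status, Services, NotAfter -AutoSize
# Set-SmtpCertificate -Server 'CAS01' -Thumbprint '<THUMBPRINT-PLACEHOLDER>'
```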
 
crp0499 (CEO, Author) Commented:
My two CAS servers have certs assigned. Do I need to assign the same cert to the two Mailbox servers?
0
 
Tom Cieslik (IT Engineer) Commented:
Are your servers talking to each other? What does your email flow look like?
0
 
crp0499 (CEO, Author) Commented:
Email is flowing fine. No mail flow problems, just wanna get rid of the error.
0
Question has a verified solution.
