crp0499

Exchange 2013, how do I assign a certificate to the SMTP site?

We have an on-prem Exchange 2013 environment and we are seeing a gazillion Schannel errors in the log.  When I look it up, the info online says I can safely ignore it and that to make the error stop, I can assign a certificate to the SMTP site.

Well, how exactly do I do that in Exchange 2013?  

Our CAS servers are split off from our mailbox servers.

We have certificates on our servers for OWA, etc.  So, I'm interested in making this event 36871 go away.

Thank you.

Cliff
Tom Cieslik

Event ID 36871: A Fatal Error Occurred While Creating An SSL (client or server) Credential
This behavior is caused by the SMTP service processing an incoming EHLO command if no certificate is assigned to an SMTP site. This message is logged twice, once when the SMTP service starts, and once when the first EHLO command is received.
Simple Mail Transfer Protocol (SMTP) controls how email is transported and then delivered across the Internet to the destination server. The SMTP EHLO command enables the server to identify its support for Extended Simple Mail Transfer Protocol (ESMTP) commands.

This is an erroneous Event log entry. You can safely ignore this message. To prevent this Event log entry, you must assign a certificate to the SMTP site.
crp0499 (ASKER)

Great.  I have that exact same info.  I'm asking HOW to assign a certificate to the SMTP site?  :)  I don't want to ignore the error.  I want to fix the error.
In the Exchange Administration Center navigate to Servers -> Certificates and choose the server that has the SSL certificate you wish to assign. The certificate must already be in a valid status before you can proceed further.

Maybe a server restart will be required.

You can find step-by-step instructions here:

https://practical365.com/exchange-server/exchange-2013-assign-ssl-certificate-to-services/
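
The same assignment from the Exchange Management Shell, as an added example that is not part of the original thread: it lists each server's certificates, shows which servers lack a valid SMTP-enabled one, assigns SMTP to a chosen certificate, and counts recent 36871 events. The thumbprint and server name are placeholders, and the event query assumes remote event log access to the target server.

```powershell
# Run in the Exchange Management Shell. Placeholders below are not values from the thread.
$Thumbprint   = '<THUMBPRINT-OF-VALID-CERT>'  # placeholder: copy from the report in step 1
$TargetServer = '<SERVER-NAME>'               # placeholder: server that holds that certificate

# 1. Per server: certificate status, expiry, and currently assigned services.
$report = foreach ($srv in Get-ExchangeServer) {
    foreach ($cert in Get-ExchangeCertificate -Server $srv.Name) {
        [pscustomobject]@{
            Server     = $srv.Name
            Role       = $srv.ServerRole
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Status     = "$($cert.Status)"
            NotAfter   = $cert.NotAfter
            Services   = "$($cert.Services)"
            HasSmtp    = "$($cert.Services)" -match 'SMTP'
        }
    }
}
$report | Sort-Object Server, NotAfter | Format-Table -AutoSize

# 2. Servers that have no valid certificate with SMTP assigned.
$report | Group-Object Server | Where-Object {
    -not ($_.Group | Where-Object { $_.HasSmtp -and $_.Status -eq 'Valid' })
} | Select-Object -ExpandProperty Name

# 3. Assign SMTP, but only once the placeholders are filled in and the
#    certificate is valid and unexpired (the EAC enforces the same precondition).
if ($Thumbprint -notmatch '^<' -and $TargetServer -notmatch '^<') {
    $cert = Get-ExchangeCertificate -Server $TargetServer -Thumbprint $Thumbprint
    if ("$($cert.Status)" -ne 'Valid' -or $cert.NotAfter -le (Get-Date)) {
        throw "Certificate $Thumbprint on $TargetServer is not valid; fix it before assigning."
    }
    Enable-ExchangeCertificate -Server $TargetServer -Thumbprint $Thumbprint -Services SMTP

    # 4. Count Schannel 36871 events from the last 24 hours to confirm they stop.
    $events = Get-WinEvent -ComputerName $TargetServer -ErrorAction SilentlyContinue `
        -FilterHashtable @{
            LogName      = 'System'
            ProviderName = 'Schannel'
            Id           = 36871
            StartTime    = (Get-Date).AddHours(-24)
        }
    "{0}: {1} event(s) with ID 36871 in the last 24 hours" -f $TargetServer, @($events).Count
}
```

Re-run step 4 some time after the change; the count covers a rolling 24-hour window, so it only drops as older events age out.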
crp0499 (ASKER)

My two CAS servers have certs assigned. Do I need to assign the same cert to the two Mailbox servers?
Are your servers talking to each other? What does your email flow look like?
crp0499 (ASKER)

Email is flowing fine. No mail flow problems, just wanna get rid of the error.
ASKER CERTIFIED SOLUTION
Vick Vega