Exchange 2007 Certificate Error
I am running Exchange 2007 on a 64-bit Windows 2008 server. There is only one Exchange server in the organization. Recently, I received error 12015 on the server indicating that the internal cert has expired. I ran get-ExchangeCertificate
and got a new one (a least it said I had a new one). Now, I'm stuck. Outlook 2007 clients still say the certificate is expired. Do I need to do something else in this situation?
Stu
August 9th, 2010 9:14pm
Ideally you should complete your deployment by purchasing a certificate. The self signed certificate is designed as a place holder and should be switched for a commercial certificate. You can get compatible commercial certificates for less than US$80/year.
I have instructions on how to install the certificate here:
http://blog.sembee.co.uk/post/Exchange-2007-and-SSL-Certificates-Take-2.aspx
Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2010 1:25am
For how to create the certificate CSR
https://www.digicert.com/easy-csr/exchange2007.htm
Installation steps
http://www.digicert.com/ssl-certificate-installation-microsoft-unified-communications.htmJonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog:
http://www.testlabs.se/blog
August 10th, 2010 12:42pm
Hi Stu,
To generate a new self-signed certificate, you need to run new-exchangecertificate.
To resolve this problem, please try the following steps:
Step 1: Delete the expired certificate:
a. Run get-exchangecertificate |fl , please note the Thumbprint number of the expired certificate, such as 5113ae0233a72fccb75b1d0198628675333d010e.
b. Run
remove-exchangecertificate -thumbprint 5113ae0233a72fccb75b1d0198628675333d010e
to delete this expired certificate.
Step 2: Generate a new exchange certificate
new-exchangecertificate
If You may get a prompt to overwrite the default SMTP certificate. type A to overwrite it.
Step 3: Enable this new certificate for the exchange services:
Enable-exchangecertificate -thumbprint <the new certificate you just created> -services:IIS,SMTP,POP,IMAP
More information, please refer the following link:
http://technet.microsoft.com/en-us/library/aa997231(EXCHG.80).aspxPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Thanks
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2010 10:24am
Hello Stu P,
Check the Event Viewer for Event ID 12015,12014 and go through those Event Id &
according to that create a Self sign certificate for SMTP service.
For example :--
New-ExchangeCertificate -DomainName server.domain.local,mail.domain.com -Services
SMTP
After creating the Self sign certificate for SMTP service & restart the Transport
service.
It will help you.
EXCHANGE2010, MCSE, MCTS, MCSA MESSAGING, CCNA & GNIIT
August 12th, 2010 8:00pm