STARTTLS certificate will expire soon - need to change it be be using another existing certificate
We are getting an error in out logs saying

"The STARTTLS certificate will expire soon: subject: [server].[domain] thumbprint: [thumbprint], hours remaining: 1726. Run the New-ExchangeCertificate cmdlet to create a new certificate."

Most posts I see on this subject talk about creating a new self-signed certificate, but the thing is that the certificate it is currently using (the one to expire in 1726 hours) is not a self-signed certificate. It is a public certificate which until recently was also used for the IIS, SMTP, POP and IMAP services.  We have since had a new certificate issued and moved all those services (IIS, SMTP, POP & IMAP) to it, but STARTTLS is seemingly still tied to the old certificate.  How can I set STARTTLS to use the new certificate?


  • Edited by GLONeill Monday, August 10, 2015 1:56 AM
August 10th, 2015 1:43am
SMTP is probably bound to two certificates, and that's normal.  Renew the self-signed certificate as per the instructions you've seen.
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2015 4:37am

Hi,

Please run the following command to check the certificate status in your environment:

Get-ExchangeCertificate | fl

Please share the results here for detailed infomration. Make sure the new certificate includes all namespaces in the old certificate. If the SMTP service is assigned with the old expired certificate, please also assign SMTP service for the new certificate.

Regards,

August 12th, 2015 3:15am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics