Wildcard certificate not supported for Exchange SMTP?
-
Thursday, May 31, 2012 1:28 AM
Hi,
We have already configured the wildcard cert for our SMTP for Exchange 2010. When the mail client connects using STARTTLS, it prompts with the error message below.
Event ID: 12014
Microsoft Exchange could not find a certificate that contains the domain name MSG-mydomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default MSG-HUB1 with a FQDN parameter of MSG-HUB1.mydomain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
We saw the post at TechNet; some users recommended stopping STARTTLS by using the command below. Doesn't it help? In that case, for those users who are connecting using POP/IMAP at the mail client, are they able to use the SSL port (587) with authentication SSL/TLS? What authentication should we use?
Set-SendConnector -identity "MSG-HUB1.mydomain.com" -IgnoreSTARTTLS $true
- Edited by ShiroBB Thursday, May 31, 2012 1:29 AM
All Replies
-
Thursday, May 31, 2012 10:20 AM
Anyone encounter this problem before?
Appreciate your advice!
-
Friday, June 01, 2012 2:15 PM
Hi
Exchange 2010 supports wildcard certificates. Which services are all using this certificate, like POP, IMAP, IIS & SMTP?
Get-ExchangeCertificate | fl thumbprint, services
If you don't want cert authentication for SMTP, you can remove it.
Can you please check whether OWA opens perfectly without any cert error from all browsers?
Manoj
-
Monday, June 04, 2012 2:29 AM
Hi Manoj,
Thanks for the feedback! The wildcard certificate is only used for the SMTP & IIS services. When we ran the command given, we got both services running.
[PS] C:\>Get-ExchangeCertificate | fl thumbprint, services
Thumbprint : 681C87238649603D1D09F81EE97D2A4578D0C06B0
Services : SMTP, IIS
The SSL at OWA does not have any error in all browsers.
We have 2 receive connectors, a client connector and a default connector; the client connector is pointing to the wildcard cert and the default connector is pointing to another domain which does not have SSL. Could this be the root cause? Can we set both connectors to the same FQDN (wildcard cert)?
-
Monday, June 04, 2012 8:30 AM
Tell me one thing: did you import the certificate properly on your CAS and HTS, certificate and intermediate bundle if there is any? Please check if your certificate is imported properly. I would suggest using this tool to check your CAS and HTS:
http://www.yusufozturk.info/exchange-server/hosted-exchange-2010-sp1-configuration-tool.html
Let me know if you have issues.
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
-
Tuesday, June 12, 2012 7:24 AM
Hi Jatin,
Here are both of our receive connectors:
[PS] C:\>Get-ReceiveConnector | fl name, fqdn, objectClass
Name : Default MSG-HUB1
Fqdn : MSG-HUB1.messaging.mydomain1.net
ObjectClass : {top, msExchSmtpReceiveConnector}
Name : Default MSG-HUB2
Fqdn : MSG-HUB2.messaging.mydomain1.net
ObjectClass : {top, msExchSmtpReceiveConnector}
Name : Client MSG-HUB1
Fqdn : hub1.domain2.com
ObjectClass : {top, msExchSmtpReceiveConnector}
Name : Client MSG-HUB2
Fqdn : hub2.domain2.com
ObjectClass : {top, msExchSmtpReceiveConnector}
[PS] C:\>Get-ExchangeCertificate -DomainName pop.domain2.com
Thumbprint Services Subject
---------- -------- -------
681C87238641604D1D9F81EE97D2A4578D0C06B4 ....S. CN=*.domain2.com, OU=PremiumSSL Wildcard, OU=Hosted by domain2...
And the same UC cert is applied for the SMTP, IIS & IMAP services.
We can't even change the default receive connector's FQDN. When we tried to change it, it prompted the error message below:
If the AuthMechanism attribute on a receive connector contains the value ExchangeServer, you must set the FQDN parameter on the receive connector to one of the following values: the FQDN of the transport server "MSG-HUB1.mydomain1.net", the NetBIOS name of the transport server "MSG-HUB1", or $null.
Do you have any idea about this? How do we get STARTTLS advertised and not receive event 12014?
- Edited by ShiroBB Tuesday, June 12, 2012 7:27 AM
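An added diagnostic for the situation in this thread (example code written here, not posted by any participant): it walks every receive connector on a server and reports whether any certificate enabled for the SMTP service contains that connector's FQDN, which is exactly the condition event 12014 complains about. It assumes an Exchange 2010 Management Shell session and only the standard cmdlets and properties (Get-ReceiveConnector, Get-ExchangeCertificate, Fqdn, Services, CertificateDomains); the single-label wildcard rule in Test-CertificateNameMatch is the usual TLS matching rule, stated here as an assumption about how Exchange evaluates it.

```powershell
# Added example (not from the thread): for each receive connector, find a certificate
# that is enabled for SMTP and whose domains cover the connector FQDN.
# Rows with Covered = False are the connectors for which event 12014 is expected.
# Assumes an Exchange 2010 Management Shell and the standard cmdlets named below.

function Test-CertificateNameMatch {
    # Does one certificate domain (plain or wildcard) cover the given host name?
    param(
        [Parameter(Mandatory = $true)][string]$CertDomain,   # e.g. *.domain2.com
        [Parameter(Mandatory = $true)][string]$HostName      # e.g. hub1.domain2.com
    )
    $domain = $CertDomain.Trim().ToLowerInvariant()
    $name   = $HostName.Trim().ToLowerInvariant()
    if ($domain -eq $name) { return $true }
    if ($domain.StartsWith('*.')) {
        # Single-label wildcard rule (assumption): *.domain2.com covers hub1.domain2.com,
        # but not domain2.com itself and not a.b.domain2.com.
        $suffix = $domain.Substring(1)                       # ".domain2.com"
        if ($name.EndsWith($suffix)) {
            $label = $name.Substring(0, $name.Length - $suffix.Length)
            return ($label.Length -gt 0 -and -not $label.Contains('.'))
        }
    }
    return $false
}

function Get-ReceiveConnectorTlsCoverage {
    param([string]$Server = $env:COMPUTERNAME)

    # Only certificates enabled for the SMTP service are candidates for STARTTLS.
    $smtpCerts = @(Get-ExchangeCertificate -Server $Server |
        Where-Object { $_.Services.ToString() -match 'SMTP' })

    # Per the event text, an empty connector FQDN means the computer's FQDN is used.
    $computerFqdn = [System.Net.Dns]::GetHostEntry([string]$env:COMPUTERNAME).HostName

    foreach ($rc in Get-ReceiveConnector -Server $Server) {
        $fqdn = "$($rc.Fqdn)"
        if ($fqdn -eq '') { $fqdn = $computerFqdn }

        $match = $null
        foreach ($cert in $smtpCerts) {
            # CertificateDomains entries are stringified; they print as the bare name.
            foreach ($d in @($cert.CertificateDomains)) {
                if (Test-CertificateNameMatch -CertDomain "$d" -HostName $fqdn) {
                    $match = $cert
                    break
                }
            }
            if ($match -ne $null) { break }
        }

        $thumb = '(none - expect event 12014)'
        $subject = ''
        if ($match -ne $null) {
            $thumb = $match.Thumbprint
            $subject = $match.Subject
        }
        # New-Object rather than [pscustomobject] so this also runs in the PowerShell 2.0
        # shell that Exchange 2010 ships with.
        New-Object PSObject -Property @{
            Connector  = $rc.Name
            Fqdn       = $fqdn
            Covered    = ($match -ne $null)
            Thumbprint = $thumb
            Subject    = $subject
        }
    }
}

Get-ReceiveConnectorTlsCoverage | Format-Table Connector, Fqdn, Covered, Thumbprint -AutoSize
```

Against the connectors listed above, a *.domain2.com certificate would show Covered = True for "Client MSG-HUB1" (hub1.domain2.com) and Covered = False for "Default MSG-HUB1" (MSG-HUB1.messaging.mydomain1.net), matching the 12014 event for the Default connector. The AuthMechanism error quoted in the thread shows why the Default connector's FQDN cannot simply be renamed into domain2.com, so the row with Covered = False points at the other side of the mismatch: an SMTP-enabled certificate whose domains include the Default connector's own FQDN.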