Exchange 2007 Certificate Error

  • Question

  • I am running Exchange 2007 on a 64-bit Windows 2008 server. There is only one Exchange server in the organization. Recently, I received error 12015 on the server indicating that the internal cert has expired. I ran get-ExchangeCertificate and got a new one (at least it said I had a new one). Now, I'm stuck. Outlook 2007 clients still say the certificate is expired. Do I need to do something else in this situation?

    Stu

    Monday, August 9, 2010 6:14 PM

Answers

  • Hi Stu,

    To generate a new self-signed certificate, you need to run new-exchangecertificate.

    To resolve this problem, please try the following steps:

    Step 1: Delete the expired certificate:

    a. Run get-exchangecertificate | fl and note the Thumbprint number of the expired certificate, such as 5113ae0233a72fccb75b1d0198628675333d010e.

    b. Run remove-exchangecertificate -thumbprint 5113ae0233a72fccb75b1d0198628675333d010e to delete this expired certificate.

    Step 2: Generate a new exchange certificate

    new-exchangecertificate

    You may get a prompt to overwrite the default SMTP certificate. Type A to overwrite it.

    Step 3: Enable this new certificate for the exchange services:

    Enable-exchangecertificate -thumbprint  <the new certificate you just created> -services:IIS,SMTP,POP,IMAP

    For more information, please refer to the following link:

    http://technet.microsoft.com/en-us/library/aa997231(EXCHG.80).aspx


    • Marked as answer by Gen Lin Wednesday, August 18, 2010 11:06 AM
    Wednesday, August 11, 2010 7:24 AM
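
The three steps in the answer above as one Exchange Management Shell script, added here as an example and not part of the original thread. It picks the expired certificate by its NotAfter date instead of a pasted thumbprint and ends by checking that no service is still bound to an expired certificate; the restriction to self-signed certificates and the $Services variable are assumptions of this example.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
# $Services mirrors the list in Step 3 of the answer; trim it to the services you run.
$Services = 'IIS,SMTP,POP,IMAP'
$now = Get-Date

# Inventory: every certificate with its expiry date and the services bound to it.
$certs = @(Get-ExchangeCertificate)
$certs | Sort-Object NotAfter |
    Format-Table Thumbprint, Services, NotAfter, IsSelfSigned -AutoSize

# Step 1: select expired certificates by date. Assumption of this example:
# only self-signed ones are touched, so a CA-issued certificate is never removed.
$expired = @($certs | Where-Object { $_.IsSelfSigned -and $_.NotAfter -lt $now })
if ($expired.Count -eq 0) {
    Write-Host 'No expired self-signed certificate found; nothing to replace.'
    return
}
foreach ($c in $expired) {
    Write-Host "Removing $($c.Thumbprint), expired $($c.NotAfter)"
    # The default confirmation prompt is left on deliberately.
    Remove-ExchangeCertificate -Thumbprint $c.Thumbprint
}

# Step 2: generate the new self-signed certificate and keep the returned object.
# A prompt to overwrite the default SMTP certificate may appear here.
$new = New-ExchangeCertificate
if (-not $new) {
    Write-Warning 'No certificate was created; stopping before Step 3.'
    return
}

# Step 3: bind the new certificate to the services by its thumbprint.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $Services

# Verification: list any certificate that is bound to a service but already expired.
$stillBad = @(Get-ExchangeCertificate | Where-Object {
    "$($_.Services)" -ne 'None' -and $_.NotAfter -lt (Get-Date)
})
if ($stillBad.Count -gt 0) {
    Write-Warning 'These expired certificates are still bound to a service:'
    $stillBad | Format-List Thumbprint, Services, NotAfter
} else {
    Write-Host "Services $Services now use $($new.Thumbprint), valid until $($new.NotAfter)"
}
```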

All replies

  • Ideally you should complete your deployment by purchasing a certificate. The self signed certificate is designed as a place holder and should be switched for a commercial certificate. You can get compatible commercial certificates for less than US$80/year.

    I have instructions on how to install the certificate here: http://blog.sembee.co.uk/post/Exchange-2007-and-SSL-Certificates-Take-2.aspx

    Simon.


    Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
    Monday, August 9, 2010 10:25 PM
  • For how to create the certificate CSR

    https://www.digicert.com/easy-csr/exchange2007.htm

     

    Installation steps

    http://www.digicert.com/ssl-certificate-installation-microsoft-unified-communications.htm


    Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog
    Tuesday, August 10, 2010 9:42 AM
  • Hello Stu P,

    Check the Event Viewer for Event IDs 12015 and 12014, go through those events, and create a self-signed certificate for the SMTP service accordingly.

    For example:

    New-ExchangeCertificate -DomainName server.domain.local,mail.domain.com -Services SMTP

    After creating the self-signed certificate for the SMTP service, restart the Transport service.

    It will help you.

     


    EXCHANGE2010, MCSE, MCTS, MCSA MESSAGING, CCNA & GNIIT
    Thursday, August 12, 2010 5:00 PM