Search This Blog

Monday, April 26, 2010

Exchange 2007 - Problem loading a certificate to be used for STARTTLS Purpose

Great reference point on resolving this "annoying" error message.


Alert : Exchange 2007 - Problem loading a certificate to be used for STARTTLS Purpose.

Generally this condition occurs if one or both of the following conditions is true:

1. The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.

2. A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service Others Exchange


Knowledge Base Details
Possible Cause :

As per Microsoft: "This Warning event indicates that there is a problem loading a certificate to be used for STARTTLS purposes. Generally, this problem occurs if one or both of the following conditions is true:
- The fully qualified domain name (FQDN) that is specified in the Warning event has been defined on a Receive connector or Send connector on a Microsoft Exchange Server 2007 transport server, and no certificate is installed on the same computer that contains the FQDN in the Subject or Subject Alternative Name fields.
- A third-party or custom certificate has been installed on the server and it contains a matching FQDN. However, the certificate is not enabled for the SMTP service".


User Acton :

1. Open "Exchange Management Shell".

2. Write "get-ExchangeCertificate" and press on "Enter" button.

3. Write down the Thumbprint of the certificate that reflect the required FQDN name of the server.

4. Review the current certificate that use by the Exchange server and

each certificate function.

5. Write "Enable-ExchangeCertificate -Thumbprint 2afd26617915932ad096c48eb3b847fc7457662 -Services "SMTP"

and press on 'Enter" button.

The value of -Thumbprint obtained in stage 3.

6. Restart the Exchange server.


For Creating a Certificate or Certificate Request for TLS check the below article

http://technet.microsoft.com/en-us/library/aa998840.aspx
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)