Sometimes too much security can add to your to do list.... It's good to keep on top of this as TLS security does indeed serve a purpose.
The certificate that is used for Transport Layer Security (TLS) on this computer will expire soon. Critical Non-Impact Alerts Exchange 2007
Knowledge Base Details
Run "Get-ExchangeCertificate |fl" and look for the relevant Thumbprint referred to in the event id 12017 / 12018.
The default self-signed cert has to be renewed. A 12017 warning that contains the number of hours you have left to do this precedes this event.
Run the following Exchange PowerShell commands to resolve this issue:
1. get-exchangecertificate | fl
2. new-exchangecertificate -confirm -DomainName servername servername.domain.name -Keysize 2048 -Services SMTP
3. enable-exchangecertificate -Thumbprint LONGHEXNUMBER -Services:None
The first command gives you the list of your certificates. Find the matching thumbprint (long hex number) to see the one that is expiring. Use the parameters shown in that certificate to fill in the fields for your second command. Then, once successful use the third command to disable the expiring certificate from all services.
No comments:
Post a Comment