New SSL Certificate for SMTP Not Working

Copper Contributor

I have a working Exchange 2016 on premise. We have an SSL certificate which expires soon so I want to replace it. I purchased a new certificate and installed in on the server using mmc. When I go to Exchange admin center I can see it under Servers -> Certificates.

I enable the certificate using the Exchange admin center or PowerShell:

Enable-ExchangeCertificate -Thumbprint <Thumbprint new certificate> -Service POP,IMAP,IIS,SMTP

Both of these methods work fine for IIS and when I open the OWA the new certificate is shown correctly.

However, when I remove the old certificate (either using the Exchange admin center, Remove-ExchangeCertificate or mmc), SMTP stops working immediately. If I run a test using a .net application, it fails with the error:

Server does not support secure connections.

If I install the old certificate again using mmc, everything works fine immediately again.

My questions is how can I make the new certificate be the only one used and remove the dependency on the old one which will expire soon?

 

Edit: Found the solution from STUBB0 from https://community.spiceworks.com/topic/2205435-msexchangefrontendtransport-event-id-12014

0 Replies