SOLVED

Starttls expires in ### day's, but certificate is not any more in the Exchangecertificate store

%3CLINGO-SUB%20id%3D%22lingo-sub-1603733%22%20slang%3D%22en-US%22%3EStarttls%20expires%20in%20%23%23%23%20day's%2C%20but%20certificate%20is%20not%20any%20more%20in%20the%20Exchangecertificate%20store%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1603733%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EProbably%20someone%20can%20help%20me.%3CBR%20%2F%3EFrom%20one%20of%20the%20MB%20server%20in%20the%20cluster%20has%20within%2010%20days%20an%20expired%20starttls%20certificate.%20But%20this%20certificate%20is%20from%20a%20CA.%20But%20the%20certificate%20is%20not%20in%20de%20Exchangecertificate%20store%20anymore%3CBR%20%2F%3E%3CBR%20%2F%3ESo%20how%20can%20I%20find%20the%20right%20connector%20where%20this%20certificate%20is%20connected%20to%20and%20how%20can%20I%20change%20this%20certificate.%3CBR%20%2F%3E%3CBR%20%2F%3EMessage%20in%20eventviewer%20is%3A%26nbsp%3B%3CSPAN%3EThe%20STARTTLS%20certificate%20will%20expire%20soon%3A%20subject%3A%20%3CMB%20server%3D%22%22%20name%3D%22%22%3E%2C%20thumbprint%3A%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%2C%20expires%3A%2031-8-2020%2023%3A59%3A59.%20Run%20the%20New-ExchangeCertificate%26nbsp%3B%3C%2FMB%3E%3C%2FSPAN%3E%3CSPAN%3Ecmdlet%20to%20create%20a%20new%20certificate.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EThanks%20so%20far%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1603733%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehybrid%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1607299%22%20slang%3D%22en-US%22%3ERe%3A%20Starttls%20expires%20in%20%23%23%23%20day's%2C%20but%20certificate%20is%20not%20any%20more%20in%20the%20Exchangecertificate%20store%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1607299%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20found%20the%20solution%3CBR%20%2F%3E%3CBR%20%2F%3EWith%20the%20command%26nbsp%3B%26nbsp%3B%3CSTRONG%3EGet-ReceiveConnector%20%7C%20select-object%20identity%2C%20TlsCertificateName%3C%2FSTRONG%3E%20I%20found%20the%20connectors%20with%20the%20certificate.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20the%20commands%20mentioned%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fpractical365.com%2Fexchange-server%2Fconfiguring-the-tls-certificate-name-for-exchange-server-receive-connectors%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fpractical365.com%2Fexchange-server%2Fconfiguring-the-tls-certificate-name-for-exchange-server-receive-connectors%2F%3C%2FA%3E%26nbsp%3BI%20had%20changed%20the%20certificate%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20are%3A%3C%2FP%3E%3CP%3E%24cert%20%3D%20Get-ExchangeCertificate%20-Thumbprint%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%3CBR%20%2F%3E%24tlscertificatename%20%3D%20%22%3CI%3E%24(%24cert.Issuer)%3C%2FI%3E%3CS%3E%3CI%3E%24(%24cert.Subject)%22%3CBR%20%2F%3ESet-ReceiveConnector%20%E2%80%9CName%20of%20the%20receiver%20connector%E2%80%9D%20-TlsCertificateName%20%24tlscertificatename%3C%2FI%3E%3C%2FS%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIssue%20has%20been%20solved%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi,

 

Probably someone can help me.
From one of the MB server in the cluster has within 10 days an expired starttls certificate. But this certificate is from a CA. But the certificate is not in de Exchangecertificate store anymore

So how can I find the right connector where this certificate is connected to and how can I change this certificate.

Message in eventviewer is: The STARTTLS certificate will expire soon: subject: <MB server name>, thumbprint: ####################, expires: 31-8-2020 23:59:59. Run the New-ExchangeCertificate cmdlet to create a new certificate.

Thanks so far

1 Reply
Highlighted
Best Response confirmed by Pascal Wenders (Contributor)
Solution

I've found the solution

With the command  Get-ReceiveConnector | select-object identity, TlsCertificateName I found the connectors with the certificate.

 

With the commands mentioned at https://practical365.com/exchange-server/configuring-the-tls-certificate-name-for-exchange-server-re... I had changed the certificate

 

The are:

$cert = Get-ExchangeCertificate -Thumbprint #########################
$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"
Set-ReceiveConnector “Name of the receiver connector” -TlsCertificateName $tlscertificatename

 

Issue has been solved