Already have a valid certificate but still get error 12014

Sam 1 Reputation point
2022-02-28T22:56:52.747+00:00

Hi,
I have an on-premises Exchange server with Server 2019 and Exchange 2019. I have renewed the certificate and assigned it to the receive connectors, made a new self-signed certificate and again assigned it to the receive connectors; right now it's on the renewed prebuilt certificate that Exchange created, but I still can't get TLS running and get the 12014 error!
I've searched all over the internet; what can be wrong? I would appreciate it if anyone could help.

Exchange Version 15.2 (Build 986.5)

Microsoft Exchange could not find a certificate that contains the domain name <I>CN=mail.name.com<S>CN=mail.name.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector web-relay with a FQDN parameter of <I>CN=mail.name.com<S>CN=mail.name.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.


4 answers

  1. Sam 1 Reputation point
    2022-02-28T23:23:26.03+00:00

    Yes, and right now it is the default certificate installed with Exchange.
    It is enabled for use in SMTP and assigned the exact FQDN that is assigned in all receive connectors, which is the FQDN of the server, mail.name.com.

    I used this method to assign the certificate to receive connectors:
    https://practical365.com/configuring-the-tls-certificate-name-for-exchange-server-receive-connectors/


  2. Sam 1 Reputation point
    2022-03-01T00:11:29.793+00:00

    So I managed to get STARTTLS running. The certificate in the personal store was not trusted, so I copied it to Trusted Root Certification Authorities and the error is gone, and in the EHLO request I can see STARTTLS.


  3. Andy David - MVP 142.7K Reputation points MVP
    2022-03-01T00:16:20.997+00:00

    Ok, so the cert wasn't a third-party cert or from an internal CA? That makes sense then.
    Glad you got it working.
    So that others can see:
    Make sure the certificate is trusted by the server!

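As an added check that is not part of this thread, the following Exchange Management Shell script walks every receive connector on a server, resolves the FQDN the Transport service will actually use (the connector's own, or the server's when it is empty, as the event text says), and reports whether a certificate in the local store matches that name, is enabled for SMTP and is trusted (Status = Valid; an untrusted self-signed cert shows Untrusted, which is the case Sam hit). The $Server parameter and the Test-DomainMatch helper are assumptions of this example, not Exchange cmdlets.

```powershell
# Added diagnostic, not from the thread. Run in the Exchange Management Shell.
# Assumption: $Server is the Exchange server to inspect (defaults to this host).
param([string]$Server = $env:COMPUTERNAME)

# Helper (assumed, not an Exchange cmdlet): does a certificate domain list cover
# the connector FQDN? Handles an exact match and a wildcard (*.name.com) that
# matches exactly one extra label, as TLS clients evaluate it.
function Test-DomainMatch {
    param([string]$Fqdn, [string[]]$Domains)
    foreach ($d in $Domains) {
        if ($d -ieq $Fqdn) { return $true }
        if ($d.StartsWith('*.')) {
            $suffix = $d.Substring(1)                              # ".name.com"
            $labelCount = $Fqdn.Split('.').Count
            if ($Fqdn.EndsWith($suffix, 'OrdinalIgnoreCase') -and
                $labelCount -eq $suffix.Split('.').Count) { return $true }
        }
    }
    return $false
}

$serverFqdn = (Get-ExchangeServer -Identity $Server).Fqdn
$certs      = Get-ExchangeCertificate -Server $Server

foreach ($rc in Get-ReceiveConnector -Server $Server) {
    # Empty connector FQDN => Transport falls back to the server's own FQDN.
    $fqdn = "$($rc.Fqdn)"
    if ([string]::IsNullOrEmpty($fqdn)) { $fqdn = $serverFqdn }

    # Certificates whose subject/SAN list covers this FQDN (Issuer/Subject
    # shown in the 12014 event as <I>...<S>... are not what is compared here).
    $match = @($certs | Where-Object {
        Test-DomainMatch -Fqdn $fqdn -Domains @($_.CertificateDomains | ForEach-Object { "$_" })
    })
    $smtp    = @($match | Where-Object { "$($_.Services)" -match '\bSMTP\b' })
    $trusted = @($match | Where-Object { $_.Status -eq 'Valid' })

    [pscustomobject]@{
        Connector   = $rc.Identity
        Fqdn        = $fqdn
        NameMatch   = $match.Count -gt 0      # false => the 12014 condition
        SmtpEnabled = $smtp.Count -gt 0       # false => Enable-ExchangeCertificate -Services SMTP
        Trusted     = $trusted.Count -gt 0    # false => chain not trusted on this server
        Status      = ($match | Select-Object -ExpandProperty Status) -join ','
        Thumbprints = ($match | Select-Object -ExpandProperty Thumbprint) -join ','
    }
}
```

A row with NameMatch true but SmtpEnabled false points at the cmdlet quoted in the event; a row with Trusted false and a Status of Untrusted is the self-signed case resolved above by trusting the certificate on the server.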

  4. AHMADI BIN KATU MAHMUD Moe 1 Reputation point
    2022-03-01T06:21:51.553+00:00

    Maybe you first need to restart the Transport service.
