I have Event ID 12018 MSExchangeTransport
The STARTTLS certificate will expire soon: subject: server.domain.com, thumbprint: E007AB795B4E288FB9E650E5C013C19D10198DA8, hours remaining: 1990. Run the New-ExchangeCertificate cmdlet to create a new certificate.
I am working to update the certificate. The certificate is specific to one connector as far as I can tell.
This connector is only for internal sending so we are using an internal CA for the cert. I've created a new certificate and it is installed on the server and available in Get-ExchangeCertificate.
Where I am hitting a roadblock is I want to add the cert but only where it is needed.
Using this command seems wrong; it prompts to replace other certs.
Enable-ExchangeCertificate -Thumbprint 0CB5EA71DF9CAD5FE68B20E6BC518790EECB73C4 -Services SMTP
So if this isn't it then maybe it is just updating the connector.
When I go to the list of connectors I can find the connector but it doesn't show the certificate is used.
RequireTLS : False
TlsCertificateName :
AuthMechanism : Tls, ExternalAuthoritative
If the connector is not set up for TLS and the certificate is not specifically named, how do I replace the expiring certificate? Why is it working right now?
I think in the past I updated this and did it wrong, saying Yes to Enable-ExchangeCertificate for SMTP. Since the cert had DNS entries that are different than our regular domains, mail started to fail. I had to go back and re-enable the right cert using the same command to get it working again.
I'm trying to avoid this mistake again.
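
The following is an added example, not part of the original post: a read-only PowerShell inventory that lists which certificates currently have SMTP enabled and which certificate, if any, each connector names in TlsCertificateName, so the state can be recorded before anything is changed. It assumes the Exchange Management Shell and the documented <I>issuer<S>subject form of TlsCertificateName; the variable names are illustrative.

```powershell
# Added example: read-only. Nothing below changes Exchange configuration.
# Assumption: run in the Exchange Management Shell on the server that logged the event.

# 1. Every certificate Exchange can see, soonest expiry first, with SMTP status.
$certs = @(Get-ExchangeCertificate)
$certs | Sort-Object NotAfter | Select-Object Thumbprint, Subject, Issuer,
    @{ n = 'SmtpEnabled';    e = { "$($_.Services)" -match 'SMTP' } },
    @{ n = 'HoursRemaining'; e = { [int]($_.NotAfter - (Get-Date)).TotalHours } },
    @{ n = 'Domains';        e = { ($_.CertificateDomains | ForEach-Object { "$_" }) -join ', ' } } |
    Format-List

# 2. TLS settings on every receive and send connector. An empty TlsCertificateName
#    means the connector does not pin a certificate by name.
$connectors = @(Get-ReceiveConnector) + @(Get-SendConnector)
$connectors | ForEach-Object {
    $pinned = "$($_.TlsCertificateName)"

    # Resolve a pinned name back to a thumbprint by rebuilding the
    # <I>issuer<S>subject string for each certificate (assumed format).
    $match = $certs | Where-Object { "<I>$($_.Issuer)<S>$($_.Subject)" -eq $pinned }

    [pscustomobject]@{
        Connector          = "$($_.Identity)"
        Fqdn               = "$($_.Fqdn)"
        RequireTLS         = $_.RequireTLS
        TlsCertificateName = if ($pinned) { $pinned } else { '(not set)' }
        PinnedThumbprint   = if ($match) { ($match.Thumbprint -join ', ') } else { '' }
    }
} | Format-Table -AutoSize -Wrap

# 3. SMTP-enabled certificates whose domain list includes a connector's FQDN.
#    Listed only so the FQDN/certificate pairings are on record for comparison.
$smtpCerts = $certs | Where-Object { "$($_.Services)" -match 'SMTP' }
foreach ($c in $connectors | Where-Object { $_.Fqdn }) {
    $fqdn = "$($c.Fqdn)"
    $hits = $smtpCerts | Where-Object {
        ($_.CertificateDomains | ForEach-Object { "$_" }) -contains $fqdn
    }
    foreach ($h in $hits) {
        '{0} -> {1} (expires {2:u})' -f $c.Identity, $h.Thumbprint, $h.NotAfter
    }
}
```

Saving this output before running Enable-ExchangeCertificate gives a known-good reference to compare against if mail flow changes afterwards.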