EventID 12018, STARTTLS certificate


  • EventID 12018, STARTTLS certificate

    hi *,

    In the event log I can see EventID 12018 -> this is a warning with the event description "The STARTTLS certificate will expire soon: subject: SVIEHUB1.domain.com, hours remaining: 951BC955C6A83E130AB675EA2CA7FD4E459F5C4B. Run the New-ExchangeCertificate cmdlet to create a new certificate."


    I've exported the list of certificates and it seems that the certificate will expire on 29.10.2010; the impacted services are IMAP, POP, IIS, SMTP.

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System
    .Security.AccessControl.CryptoKeyAccessRule, System.Securi
    ty.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.domain.com, autodiscover.domain.com, hub1, hub1.domain.com, sviehub, hub.domain.com}
    HasPrivateKey : True
    IsSelfSigned : False
    Issuer : CN=SERVER01, DC=domain, DC=com
    NotAfter : 29.10.2010 11:27:10
    NotBefore : 29.10.2008 10:27:10
    PublicKeySize : 2048
    RootCAType : Enterprise
    SerialNumber : NNNNNNNNNNNNNNNNNNN
    Services : IMAP, POP, IIS, SMTP
    Status : Valid
    Subject : CN=mail.domain.com, O=Domain AG, C=com
    Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


    I'm running WS2008 & Exchange 2007
    hub1 has HT/CAS role
    mail.domain.com - address for external OWA.

    What should I do next, as I have no experience with certificates? I Googled it, but the answers I found didn't clear it up for me.

    Thanks in advance !
    Last edited by kogar; 20th October 2010, 13:45.

  • #2
    Re: EventID 12018, STARTTLS certificate

    You must have an internal CA, as what you have posted shows the certificate has been generated by an internal server, but isn't a self signed certificate.
    That isn't something that is set up lightly, so unless you didn't configure the server, you must have configured the CA.

    However, I don't use any kind of self-generated certificates for my deployments; I use a commercial certificate. This avoids any trust issues.

    http://blog.sembee.co.uk/post/Exchan...es-Take-2.aspx

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: EventID 12018, STARTTLS certificate

      Thanks for your reply.
      And how can I generate a similar one? Should it be done from the Hub server (HUB1) or from the internal server (SERVER01)?

      Thanks !



      • #4
        Re: EventID 12018, STARTTLS certificate

        Couldn't tell you. I don't use internal CAs.

        Simon.



        • #5
          Re: EventID 12018, STARTTLS certificate

          Solved it by renewing the certificate from a CA.

          From this...Issuer : CN=SERVER01, DC=domain, DC=com

          After that, all I had to do was check Services and add the missing ones (in my case it was IIS and SMTP that were missing).

          /closed
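
The renewal described in post #5, written out as an added example for the Exchange 2007 Management Shell; it is not part of the original thread and not the poster's own commands. The 30-day threshold, the `C:\certs` paths, the `WebServer` template name and the `<COUNTRY>` placeholder are assumptions; the domain names and service list are taken from the certificate output in the first post.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell on HUB1.
# Assumptions: 30-day threshold, C:\certs paths, "WebServer" template, <COUNTRY> placeholder.

# 1. List certificates that expire soon and the services bound to each,
#    so you know exactly what has to be re-enabled on the replacement.
$limit = (Get-Date).AddDays(30)
Get-ExchangeCertificate |
    Where-Object { $_.NotAfter -lt $limit } |
    Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Services, IsSelfSigned

# 2. Generate the request on the Exchange server itself, so the private key is
#    created where it will be used. Repeat every name from CertificateDomains;
#    a missing name shows up later as a TLS name-mismatch warning in clients.
New-ExchangeCertificate -GenerateRequest -Path C:\certs\hub1.req `
    -SubjectName "C=<COUNTRY>, O=Domain AG, CN=mail.domain.com" `
    -DomainName mail.domain.com, autodiscover.domain.com, hub1, hub1.domain.com, sviehub, hub.domain.com `
    -KeySize 2048 `
    -PrivateKeyExportable $false   # set $true only if the key must be copied to another server

# 3. Submit the request to the internal enterprise CA (the Issuer in the old
#    certificate). Without -config, certreq prompts for the CA to use.
certreq -submit -attrib "CertificateTemplate:WebServer" C:\certs\hub1.req C:\certs\hub1.cer

# 4. Import the issued certificate; this pairs it with the pending private key.
$new = Import-ExchangeCertificate -Path C:\certs\hub1.cer

# 5. A freshly imported certificate has no services assigned. Enable the same
#    set the expiring certificate carried.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services "IMAP, POP, IIS, SMTP"

# 6. Verify the binding and the new expiry date before the old certificate lapses.
Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
    Format-List Subject, CertificateDomains, NotAfter, Services, Status
```

Step 1 can also be run on a schedule to catch the next expiry before EventID 12018 appears.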

