Exchange could not load the certificate with thumbprint. Or as the warning message states in the logs:
Microsoft Exchange could not load the certificate with thumbprint of 59235427B7C322A8CFD7E1EB939445A2EAF9F670 from the personal store on the local computer.
Get the information
There are a few ways to see the current certificate list.
First is through the Exchange Management Shell (EMS):
- Type: Get-ExchangeCertificate
You can see the same list in the Exchange Admin Center (EAC):
- EAC > servers > certificates
You can also see the same list in Internet Information Services (IIS):
- Click server-name (on the left-hand side).
- Click SERVER-CERTIFICATES (in the middle section).
Once you have the information displayed, find the thumbprint of the certificate you are using for email.
Fix the error
In EMS:
- Type: Enable-ExchangeCertificate -Thumbprint <new_certificate_thumbprint> -Services None
- Type: Enable-ExchangeCertificate -Thumbprint <new_certificate_thumbprint> -Services IMAP,POP,IIS,SMTP
Explanation
This error actually comes from the transport service configuration, shown by: Get-TransportService
More specifically, the value at: Get-TransportService | select InternalTransportCertificateThumbprint
In older versions this is called: Get-TransportServer
More specifically, the value at: Get-TransportServer | select InternalTransportCertificateThumbprint
This command shows the same thumbprint that appears in the log warning.
Running the Enable-ExchangeCertificate commands above replaces this value with the new thumbprint.
For the curious, there is no fine-tuned fix; use the commands above. In other words, the following does not exist or work:
set-transportservice InternalTransportCertificateThumbprint <new-certificate-thumbprint-here>
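A read-only check for the mismatch described in the Explanation, as an added example (not part of the original post). It assumes it is run in EMS on the affected server; the variable names are illustrative.

```powershell
# Added example: reports only, changes nothing.
$server = $env:COMPUTERNAME   # assumption: EMS is running on the Exchange server itself

# Newer versions expose Get-TransportService; older ones use Get-TransportServer.
$cmd = if (Get-Command Get-TransportService -ErrorAction SilentlyContinue) {
    'Get-TransportService'
} else {
    'Get-TransportServer'
}

# Thumbprint the transport service is configured to load (the one named in the warning).
$configured = (& $cmd -Identity $server).InternalTransportCertificateThumbprint

# Certificates Exchange can see in the personal store on the local computer.
$certs = Get-ExchangeCertificate -Server $server

if (-not $configured) {
    Write-Warning "No InternalTransportCertificateThumbprint is set on $server."
} else {
    $match = $certs | Where-Object { $_.Thumbprint -eq $configured }
    if (-not $match) {
        Write-Warning "Thumbprint $configured is not in the store (this is what the log warning reports)."
    } elseif ($match.NotAfter -lt (Get-Date)) {
        Write-Warning "Thumbprint $configured is in the store but expired on $($match.NotAfter)."
    } else {
        Write-Host "Thumbprint $configured is present and unexpired."
    }
}

# Unexpired certificates that could be passed to Enable-ExchangeCertificate, newest expiry first.
$certs |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Format-Table Thumbprint, Services, NotAfter, Subject -AutoSize
```

Run it again after the Enable-ExchangeCertificate commands to confirm the configured thumbprint now matches a certificate in the store.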