New Edge Subscription fails withh error dubplicate certificate

Kenneth 0

i have 1 edge server en 2 mailbox servers both exchange 2019 and installed the same certificate on all servers , it is valid en the certificate contains all subject names

after creating the New-EdgeSubscription -FileName "C:\Data\EdgeSubscriptionInfo.xml" on both edge servers , i tgried to import the xml on the mailbox server but get en error :

User's image

1 answer

Mike Hu-MSFT 1,940 Reputation points Microsoft Vendor

2024-06-18T05:35:53.34+00:00

Hi Kenneth,

The error shows that “Sharing the same certificate between Edge and Hub Transport servers is not allowed”. I noticed that you installed the same certificate on all servers, that might cause the problem. So, I recommend you generate a new certificate and install the new certificate on the Edge Transport server. After that you can try to run New-EdgeSubscription again.

About generating new certificate, you can refer to: Certificate procedures in Exchange Server | Microsoft Learn

Please feel free to contact me for any updates.
Please sign in to rate this answer.
Kenneth 0 Reputation points

2024-06-18T12:43:56.6233333+00:00

we have a one third-party certificate , in our old 2016 environment we use the same certificate on edges and mailbox servers without any issues so why will it not work on new exchange 2019 environment ?

Mike Hu-MSFT 1,940 Reputation points Microsoft Vendor

2024-06-19T08:49:07.4733333+00:00

Microsoft officials did not elaborate on why the same certificate cannot be used, but they just emphasized this point. The certificate on Edge must be issued from the same CA and have the same subject name as the cert on the mailbox server, but they must be different certificates.

See: https://video2.skills-academy.com/en-us/exchange/certificate-requirements

"Each Edge transport server must use a certificate that shares the same issuing CA and the same subject for hybrid secure mail to function correctly."

And this article:https://www.informaticar.net/how-to-install-and-configure-edge-transport-on-microsoft-exchange-2019/

It also points out that "You should not use same certificate for both edge and mailbox server because you will get error like this.

If you use wildcard cert on the mailbox role (this is only example), you should create new certificate request and get for example edge.yourdomain.com or smtp.yourdomain.com certificate for the edge role (doesn’t have to be wildcard certificate and name is also provisory).

This also means that you will have to recreate edge subscription after you get new certificate."

Mike Hu-MSFT 1,940 Reputation points Microsoft Vendor

2024-06-25T01:24:30.65+00:00

If an answer has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

Mike Hu-MSFT 1,940 Reputation points Microsoft Vendor

2024-06-26T09:00:00.46+00:00

Any updates so far? If you have solved your problem, could you share with us? Maybe it will help more people with similar problems. Don't forget to mark it as answer, this will be easy for other community members to find the useful one.
Sign in to comment

Share via

New Edge Subscription fails withh error dubplicate certificate

1 answer