Exchange 2007 Self-Signed Certificate Expired

Posted on 2008-11-03
Medium Priority
Last Modified: 2013-11-30
I recently had some trouble trying to renew the default Exchange 2007 self-signed certificate on our Hub Transport Server.  I think I MAY have finally had some success, but, I want to make sure before I delete the old certificates.

My first question is, when you run a get-exchangecertificate command, should you only see ONE thumbprint?  I currently see four.  When I look at them, three say they expire in 2009 and one says September 2008.  Im wondering if I can get rid of the other three?

Also, when I open CERTIFICATES in the MMC and look at Trusted Root Certification Authorities\Certificates, I see the Hub_Server@domain.com still says September 2008 (must be pointing to old certificate???).  Could this be because Active Directory could take four hours to update?  How I can test that the new certificate is actually working before deleting the old ones?


Question by:mccrear1
LVL 14

Expert Comment

ID: 22872531
When you visit the website you should be able to look at the properties of the certificate that is securing it. There you can compare expiration date, identifying numbers, etc to the known good cert to see if they are the same. If they are then you can delete the other ones.

Accepted Solution

mccrear1 earned 0 total points
ID: 22875978
I'm not to familiar with this certificate thing.  What certificate website are you referring to?  All I've done so far is open a Certificate MMC and look at Certificates\Trusted Root Certification\Authorities\Certificates\HUBserver@domain.com.  When I view it's properties, it tells me the certificate has expired or is not yet valid.

If I do a get-exchangecertificate, I receive FOUR thumbprints,  Two say the expire on 11/3/2009, one says it expires on 9/22/2009, and one says it expires on 9/19/2008.  The 9/19/2008 date is the one I see on Certificates\Trusted Root Certification\Authorities\Certificates\HUBserver@domain.com.

I'm thinking I can delete the 9/19/2008 and 9/22/2009 certificates.  The 11/3/2009 are probably the ones I got to create successfullly on November 3rd?  One was the default certificate and the other was one I created for IIS.

But, I'm not sure how to tell what certificates are in use, and what it is okay and not okay to delete.  Also, if I have newer certificates that expire in November 2009, why does my MMC still say the certicates has expired or is not yet valid (referring to the original cert installed 9/19/2007)???

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question