Exchange 2007 Self-Signed Certificate Expired

I recently had some trouble trying to renew the default Exchange 2007 self-signed certificate on our Hub Transport Server.  I think I MAY have finally had some success, but, I want to make sure before I delete the old certificates.

My first question is, when you run a get-exchangecertificate command, should you only see ONE thumbprint?  I currently see four.  When I look at them, three say they expire in 2009 and one says September 2008.  Im wondering if I can get rid of the other three?

Also, when I open CERTIFICATES in the MMC and look at Trusted Root Certification Authorities\Certificates, I see the still says September 2008 (must be pointing to old certificate???).  Could this be because Active Directory could take four hours to update?  How I can test that the new certificate is actually working before deleting the old ones?


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

When you visit the website you should be able to look at the properties of the certificate that is securing it. There you can compare expiration date, identifying numbers, etc to the known good cert to see if they are the same. If they are then you can delete the other ones.
mccrear1Author Commented:
I'm not to familiar with this certificate thing.  What certificate website are you referring to?  All I've done so far is open a Certificate MMC and look at Certificates\Trusted Root Certification\Authorities\Certificates\  When I view it's properties, it tells me the certificate has expired or is not yet valid.

If I do a get-exchangecertificate, I receive FOUR thumbprints,  Two say the expire on 11/3/2009, one says it expires on 9/22/2009, and one says it expires on 9/19/2008.  The 9/19/2008 date is the one I see on Certificates\Trusted Root Certification\Authorities\Certificates\

I'm thinking I can delete the 9/19/2008 and 9/22/2009 certificates.  The 11/3/2009 are probably the ones I got to create successfullly on November 3rd?  One was the default certificate and the other was one I created for IIS.

But, I'm not sure how to tell what certificates are in use, and what it is okay and not okay to delete.  Also, if I have newer certificates that expire in November 2009, why does my MMC still say the certicates has expired or is not yet valid (referring to the original cert installed 9/19/2007)???

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.