Exchange 2007 Self-Signed Certificate Expired

Posted on 2008-11-03
Last Modified: 2013-11-30
I recently had some trouble trying to renew the default Exchange 2007 self-signed certificate on our Hub Transport Server.  I think I MAY have finally had some success, but, I want to make sure before I delete the old certificates.

My first question is, when you run a get-exchangecertificate command, should you only see ONE thumbprint?  I currently see four.  When I look at them, three say they expire in 2009 and one says September 2008.  Im wondering if I can get rid of the other three?

Also, when I open CERTIFICATES in the MMC and look at Trusted Root Certification Authorities\Certificates, I see the still says September 2008 (must be pointing to old certificate???).  Could this be because Active Directory could take four hours to update?  How I can test that the new certificate is actually working before deleting the old ones?


Question by:mccrear1
    LVL 15

    Expert Comment

    When you visit the website you should be able to look at the properties of the certificate that is securing it. There you can compare expiration date, identifying numbers, etc to the known good cert to see if they are the same. If they are then you can delete the other ones.

    Accepted Solution

    I'm not to familiar with this certificate thing.  What certificate website are you referring to?  All I've done so far is open a Certificate MMC and look at Certificates\Trusted Root Certification\Authorities\Certificates\  When I view it's properties, it tells me the certificate has expired or is not yet valid.

    If I do a get-exchangecertificate, I receive FOUR thumbprints,  Two say the expire on 11/3/2009, one says it expires on 9/22/2009, and one says it expires on 9/19/2008.  The 9/19/2008 date is the one I see on Certificates\Trusted Root Certification\Authorities\Certificates\

    I'm thinking I can delete the 9/19/2008 and 9/22/2009 certificates.  The 11/3/2009 are probably the ones I got to create successfullly on November 3rd?  One was the default certificate and the other was one I created for IIS.

    But, I'm not sure how to tell what certificates are in use, and what it is okay and not okay to delete.  Also, if I have newer certificates that expire in November 2009, why does my MMC still say the certicates has expired or is not yet valid (referring to the original cert installed 9/19/2007)???

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Suggested Solutions

    Set OWA language and time zone in Exchange for individuals, all users or per database.
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
    In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now