I recently had some trouble trying to renew the default Exchange 2007 self-signed certificate on our Hub Transport Server. I think I MAY have finally had some success, but, I want to make sure before I delete the old certificates.
My first question is, when you run a get-exchangecertificate command, should you only see ONE thumbprint? I currently see four. When I look at them, three say they expire in 2009 and one says September 2008. Im wondering if I can get rid of the other three?
Also, when I open CERTIFICATES in the MMC and look at Trusted Root Certification Authorities\Certificates, I see the Hub_Server@domain.com still says September 2008 (must be pointing to old certificate???). Could this be because Active Directory could take four hours to update? How I can test that the new certificate is actually working before deleting the old ones?