Exchange 2007 Disable Certificate/Remove

There's what looks like and old self signed certificate that I have installed on this client's Exchange 2007 server.  I think they used this when they first set the server up, but now they have a multiple domain UCC that has been enabled and used for their IIS, SMTP, POP services.  Everything is running great, but i want to clean up that old certificate so it's no longer seen as a viable cert in the store. Before I deleted I wanted to export it just as a backup, but I get the "cannot gain private access or it's not set as exportable".  I really just want this original certificate as a backup before I delete it.  I've tried to search to see if their's a server with CA on it, but there's none on the network, so I"m a little stuck as to the best method to move forward.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I would recommend that you delete the old certificate without worrying about backing it up.  Should you need to use a self-signed certificate in the future again, you can use the Exchange 2007/2010 Management Shell command: New-ExchangeCertificate

This command will allow you to create a new self-signed certificate for use.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
When we create a certificate using a New-ExchangeCertificate command from the EMS, there is a parameter that we need to include i.e. "-privatekeyexportable:$true". If this is skipped or set to false, then we get the same error as you are getting.

You can safely ignore this error and delete the certificate if you want to remove it as we can always create a self-signed certificate if required (though you will not require it since you already are using a UCC).

In case you don't want to delete it since you are unable to take the backup, you can leave it in it's place. It will not cause any conflicts or issues for you ;-)

Refer to this article for more information about the parameters that we can include while running the "New-ExchangeCertificate" command

Let us know how it goes.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.