• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 687
  • Last Modified:

Exchange 2007 Disable Certificate/Remove

There's what looks like and old self signed certificate that I have installed on this client's Exchange 2007 server.  I think they used this when they first set the server up, but now they have a multiple domain UCC that has been enabled and used for their IIS, SMTP, POP services.  Everything is running great, but i want to clean up that old certificate so it's no longer seen as a viable cert in the store. Before I deleted I wanted to export it just as a backup, but I get the "cannot gain private access or it's not set as exportable".  I really just want this original certificate as a backup before I delete it.  I've tried to search to see if their's a server with CA on it, but there's none on the network, so I"m a little stuck as to the best method to move forward.
2 Solutions
I would recommend that you delete the old certificate without worrying about backing it up.  Should you need to use a self-signed certificate in the future again, you can use the Exchange 2007/2010 Management Shell command: New-ExchangeCertificate

This command will allow you to create a new self-signed certificate for use.
When we create a certificate using a New-ExchangeCertificate command from the EMS, there is a parameter that we need to include i.e. "-privatekeyexportable:$true". If this is skipped or set to false, then we get the same error as you are getting.

You can safely ignore this error and delete the certificate if you want to remove it as we can always create a self-signed certificate if required (though you will not require it since you already are using a UCC).

In case you don't want to delete it since you are unable to take the backup, you can leave it in it's place. It will not cause any conflicts or issues for you ;-)

Refer to this article for more information about the parameters that we can include while running the "New-ExchangeCertificate" command

Let us know how it goes.

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now