problem with exchange certificate expiration

Posted on 2011-04-28
Last Modified: 2012-05-11
I am receiving an alert that a certificate on my hub transports is expiring, when I ran get-exchangecertificates, the cert in question showed a Status of DateInvalid, as shown below. How can i fix this? Thank you.

NotAfter           : 3/20/2011 2:52:53 PM
NotBefore          : 3/20/2009 2:22:55 PM
RootCAType         : ThirdParty
Services           : IMAP, POP, SMTP
Status             : DateInvalid
Question by:cyberleo2000
    LVL 6

    Expert Comment

    by:J P
    hey mate, according to he output, that certificate is showing as expired [3/20/2011], you should get a new one to replace it

    Author Comment

    I understand that, what I don't understand is the DATEINVALID status. Other expired certs show a status of INVALID. I would like to know the difference. Thanks.
    LVL 6

    Expert Comment

    by:J P
    a status code of DATEINVALID literally means either the certifcate has expired or the date on the machine is past the certificate date

    a status code of INVALID can be for other reasons also, an example would be the certificate chain cannot be validated or is not trusted

    Author Comment

    Ok, I understand, thank you. This brings up another question. There are 5 certs on my hub transport. Only 2 of them have a status of valid. One lists IMAP, POP and IIS after Services and the other lists IMAP, POP and SMTP.

    Does this mean I can delete the other 3? Since they are invalid, they are no doing anything, correct?
    LVL 6

    Accepted Solution

    some certificates can still be utilised by services even though expired/invalid
    if there are no complaints/issues around these invalid certificates, it doesnt hurt to keep them
    normally when considering a tidyup, i would tend to export uneeded certificates and then remove
    that way there is a backup copy for reference later on if required

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
    You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
    To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
    In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now