Cleaning up self signed SSL's in SBS 2011

Posted on 2011-10-28
Last Modified: 2012-06-08
I've purchased and installed a SAN SSL cert, which includes the external FQDN, external autodiscover, internal FQDN, internal netbios name, and internal autodiscover.

It's installed and assigned for IMAP, POP, IIS, and SMTP, simply since those were the default services the self signed one from the install was assigned to.

Default install left me with six SSL certs before purchasing a third party one, and I assume the ones it generated for the subject names I've replaced with a valid third party cert can be deleted, but there are a couple I want to double check about since I'm assuming I need to just leave them in place since they appear to be other system level ones not associated with any normal subject name.

One is self signed with the internal local FQDN of the server, but also has a SAN showing "Other name" DS Object GUID=<long string> as well as that internal FQDN and was assigned SMTP only.

One is a subject "Sites" with a SAN showing DNS name sites, and a DNS name of the internal FQDN. Assigned SMTP only.

One is a subject name that has the "internal netbios name of the domain - internal netbios name of the server - CA" and has no subject alternate names.  No services are assigned to this.

Last one in question the subject is "CN = WMSvc=WIN-<11 digit string>" with no SAN and no services assigned to it.

The main one that was assigned the same services as my purchased SSL I already removed as it was just the normal names which I was replacing, but these other ones I didn't want to touch until I knew what functions they served.  I don't mind leaving things on the server since it's working, but if any of these can be removed now that we have the SAN SSL, I'd like to do so simply to keep them from throwing nags in the logs when they expire in a year or two.

Thanks for any information.

Question by: networkspecialists

    Accepted Solution

    If you ever re-run the "configure my internet address wizard" it will re-generate self signed certificates. There is no need to remove these. As for removing all internal certificates, that can be very risky; some are used internally "behind the scenes".

    Author Comment

    I'm aware of this, I'm just trying to find out which are the ones that are required for behind the scenes - I would like to remove the self signed ones that I essentially replaced with the purchased third party cert.  That's why I posed the question as I did - trying to find out which ones are not needed if I've got the third party cert so that I don't have errors nagging the event logs in a year or two when the unused self signed ones expire.  Would rather proactively remove what is *not needed* and just let the 3 year SAN cert handle what it can.
