Remove and reinstall cert on Exchange 2010 server

Posted on 2012-03-16
Medium Priority
Last Modified: 2013-03-29
Upon deploying my first Exch 2010 server, I made the mistake of putting the wrong type of certficate on there. I went with a single cert...while this is working for the one feature (webmail), I would like to 're do' and put the proper UCC certificate on there.

With older Exchanges, you could run the IIS 'wizard', remove the old cert and just re-run and install the new one.

Is it a more complicated process with Exch 2010? Some guidelines would be appreciated.


Question by:tnorman
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 12

Accepted Solution

DLeaver earned 2000 total points
ID: 37731122
Follow these instructions to import the cert


And to assign the necessary services use this link (I recommend using EMS for this part)


Author Comment

ID: 37731139
Will this remove/handle the existing certificate?

Author Comment

ID: 37731208
I just checked the first link, and I don't think that is what I am looking for. I won't be installing a previously exported cert, rather installing a brand new one. I am concerned about the existing certificate that is already there when doing this.
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 12

Expert Comment

ID: 37731318
Once the certificate is installed following the first link then go to the EMS and type


This will list all of the certificates installed and their thumbprint, including the old one no doubt

Then follow the second link to enable the exchange services you want the cert to handle

enable-exchangecertificate (thumbrint) -services (list the services that this cert will be responsible for)
LVL 12

Expert Comment

ID: 37731322
If you want to remove your old certificate then run the

Get-ExchangeCertificate cmd to list out the thumbprints and then use the Remove- command


Author Comment

ID: 37731328
Ah...that's what I was looking for.  Thanks, TN.

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question