Solved

Exchange 2010 certificates

Posted on 2013-05-22
Last Modified: 2013-06-14
I requested my cert (wildcard cert) via EMC, sent off to Verisign/Symantec and downloaded x509 approved cert, completed cert process by importing and assigning services across all CAS hub servers - All looks well in EMC w/ green check marks beside the new extended cert w/ expiration date in year 2014 - (see attached screenshots)

BUT, when I run BPA, I get an alert reading "certificate expiry warning" - If I expand exclamation bang, it shows several URLs will not work b/c it is using the old cert, set to expire 6/8/2013 - This is reflected across ALL CAS hub servers in the BPA report -

Did I miss something?? - I completed steps last evening, around 7:30pm and felt maybe some replication was involved, so checked again next day at 9:30am and it still shows errors -
Exchange2010-cert-warning.doc
Question by:SHAX
9 Comments
 

Author Comment

by:SHAX
ID: 39187619
Thanks for any help and support!!!
0
 
LVL 23

Accepted Solution

by:
Stelian Stan earned 2000 total points
ID: 39187699
Remove the old cert and make this one default.
0
 

Author Comment

by:SHAX
ID: 39188433
So just right click old, and choose "Remove"?? - Am I required to do anything else? And, will this need to be done after hours, b/c it may cause a blip or reassociation w/ users?
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 39188569
It's always better to do it after hours. You can do it using EAC or:

Get-ExchangeCertificate | fl

Copy the thumbprint of that certificate, then:

Remove-ExchangeCertificate -Thumbprint (paste the previous cert thumbprint)

0
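
An added example, not part of the original thread: before removing the old certificate as suggested above, this Exchange Management Shell script lists every certificate on each CAS/Hub server with its expiry date and assigned services, and only previews the removal if the old thumbprint no longer holds any service. `$oldThumbprint` is a placeholder to fill in from the `Get-ExchangeCertificate | fl` output.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# Placeholder: paste the old certificate's thumbprint here.
$oldThumbprint = '<OLD-CERT-THUMBPRINT>'

# Every server holding the Client Access or Hub Transport role.
$servers = Get-ExchangeServer |
    Where-Object { $_.IsClientAccessServer -or $_.IsHubTransportServer }

# 1. Inventory: which certificate carries which services on which server.
$inventory = foreach ($srv in $servers) {
    Get-ExchangeCertificate -Server $srv.Name |
        Select-Object @{ n = 'Server'; e = { $srv.Name } },
                      Thumbprint, Subject, NotAfter, Services, Status
}
$inventory | Sort-Object Server, NotAfter | Format-Table -AutoSize

# 2. Anything expiring within 30 days that still has services assigned.
$cutoff = (Get-Date).AddDays(30)
$inventory |
    Where-Object { $_.NotAfter -lt $cutoff -and "$($_.Services)" -ne 'None' } |
    Format-Table Server, Thumbprint, NotAfter, Services -AutoSize

# 3. Copies of the old certificate, and those that still hold services.
$oldCopies  = @($inventory | Where-Object { $_.Thumbprint -eq $oldThumbprint })
$stillBound = @($oldCopies | Where-Object { "$($_.Services)" -ne 'None' })

if ($stillBound.Count -gt 0) {
    # The old certificate is still in use somewhere: assign those services
    # to the new certificate first (Enable-ExchangeCertificate), then re-run.
    Write-Warning 'Old certificate still has services assigned on:'
    $stillBound | Format-Table Server, Services -AutoSize
}
else {
    # -WhatIf only previews the removal; drop it to actually remove.
    foreach ($copy in $oldCopies) {
        Remove-ExchangeCertificate -Server $copy.Server `
            -Thumbprint $oldThumbprint -WhatIf
    }
}
```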
 

Author Comment

by:SHAX
ID: 39201669
I believe EAC is Exchange 2013, I have Exchange 2010 w/ EMC - Via EMC, it appears all you have to do is right click and choose "Remove" -

Just weird, inside EMC it shows a blue check, making me believe Exchange is using that cert now, but BPA reports otherwise -
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 39201676
YES. EAC is Exchange 2013. You can use EMC to remove the cert.
0
 

Author Comment

by:SHAX
ID: 39201686
And once removed, there is nothing else to do?

Thanks for continued help!!
0
 

Author Comment

by:SHAX
ID: 39208216
A bit confused, if anyone can add any clarity -

BPA reports ssl cert expiring, using old date (see attachment in 1st post) - But if I try using http://www.digicert.com/help/ and plug in FQDN of server name used for our mobile devices it comes back w/ the correct renewal year of 2014 - Looks great!! But why does BPA reflect otherwise?

I am going to remove old cert next week, after hours next week - But a consultant is telling me it will require services to be restarted - Is this true?? -

No post I've seen talks about removing old cert and/or process will require restarting Exchange services -

Thanks to anyone who responds - SSL cert expires 6/8/13 so any help is greatly appreciated -
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 39210439
I don't think it is necessary to restart the services after replacing the cert. I don't remember restarting the services after I replaced our cert.
0
