SHAX

Exchange 2010 certificates

I requested my cert (wildcard cert) via EMC, sent off to Verisign/Symantec and downloaded x509 approved cert, completed cert process by importing and assigning services across all cas hub servers - All looks well in EMC w/ green check marks beside the new extended cert w/ expiration date in year 2014 - (see attached screenshots)

BUT, when I run BPA, I get an alert reading "certificate expiry warning" - If I expand exclamation bang, it shows several URLs will not work b/c it is using the old cert, set to expire 6/8/2013 - This is reflected across ALL cas hub servers in the BPA report -

Did I miss something?? - I completed steps last evening, around 7:30pm and felt maybe some replication was involved, so checked again next day at 9:30am and it still shows errors -
Exchange2010-cert-warning.doc
SHAX

ASKER

Thanks for any help and support!!!
ASKER CERTIFIED SOLUTION
Stelian Stan
This solution is only available to members.
SHAX

ASKER

So just right click old, and choose "Remove"?? - Am I required to do anything else? And, will this need to be done after hours, b/c it may cause a blip or reassociation w/ users?
It's always better to do it after hours. You can do it using EAC or:

Get-ExchangeCertificate | fl

Copy the thumbprint of that certificate, then:

Remove-ExchangeCertificate -Thumbprint (paste the previous cert thumbprint)

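The two commands above, extended into a per-server inventory (an added example, not part of the original thread): it lists every certificate on each CAS/Hub server with its expiry date and assigned services, so the old thumbprint can be identified before anything is removed. It assumes the Exchange 2010 Management Shell; `$WarnDays` is an assumed review window, and `-WhatIf` only previews the removal.

```powershell
# Added example; run in the Exchange Management Shell (Exchange 2010).
# $WarnDays is an assumed review window, not a value from the thread.
$WarnDays = 60
$cutoff   = (Get-Date).AddDays($WarnDays)

# Every server holding the Client Access or Hub Transport role.
$servers = Get-ExchangeServer |
    Where-Object { $_.IsClientAccessServer -or $_.IsHubTransportServer }

# One record per certificate per server.
$report = foreach ($srv in $servers) {
    Get-ExchangeCertificate -Server $srv.Name | ForEach-Object {
        New-Object PSObject -Property @{
            Server     = $srv.Name
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            NotAfter   = $_.NotAfter
            Services   = $_.Services      # e.g. IIS, SMTP, IMAP, POP, or None
            Expiring   = ($_.NotAfter -lt $cutoff)
        }
    }
}

# Full inventory, oldest expiry first within each server.
$report | Sort-Object Server, NotAfter |
    Format-Table Server, NotAfter, Services, Expiring, Thumbprint, Subject -AutoSize

# Expiring certificates that still have a service assigned: review these
# before removal, since something may still be presenting them.
$report | Where-Object { $_.Expiring -and "$($_.Services)" -ne 'None' } |
    Format-Table Server, Services, NotAfter, Thumbprint -AutoSize

# Preview removal of expiring certificates with no service assigned.
# -WhatIf reports what would be removed and changes nothing.
$report | Where-Object { $_.Expiring -and "$($_.Services)" -eq 'None' } |
    ForEach-Object {
        Remove-ExchangeCertificate -Server $_.Server -Thumbprint $_.Thumbprint -WhatIf
    }
```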

SHAX

ASKER

I believe EAC is Exchange 2013, I have Exchange 2010 w/ EMC - Via EMC, it appears all you have to do is right click and choose "Remove" -

Just weird, inside EMC it shows a blue check, making me believe Exchange is using that cert now, but BPA reports otherwise -
YES. EAC is Exchange 2013. You can use EMC to remove the cert.
SHAX

ASKER

And once removed, there is nothing else to do?

Thanks for continued help!!
SHAX

ASKER

A bit confused, if anyone can add any clarity -

BPA reports ssl cert expiring, using old date (see attachment in 1st post) - But if I try using http://www.digicert.com/help/ and plug in FQDN of server name used for our mobile devices it comes back w/ the correct renewal year of 2014 - Looks great!! But why does BPA reflect otherwise?

I am going to remove old cert next week, after hours next week - But a consultant is telling me it will require services to be restarted - Is this true?? -

No post I've seen talks about removing old cert and/or process will require restarting Exchange services -

Thanks to anyone who responds - SSL cert expires 6/8/13 so any help is greatly appreciated -
I don't think it is necessary to restart the services after replacing the cert. I don't remember restarting the services after I replaced our cert.