Solved

SSL Certificates in Exchange 2010

Posted on 2013-11-21
Last Modified: 2013-11-25
I have an SSL certificate that shows expired in Exchange 2010.  The certificate has no name, under self-signed shows false and services none.  I have 2 other certificates that are valid, one in use for the services IMAP, POP, IIS and SMTP and the other for just SMTP.  Is it safe to delete the expired one, since it is popping up errors in Outlook that our certificate is expired even though the other 2 are valid and not expired?
Question by:dcitdir
8 Comments
 
LVL 22

Accepted Solution

by:
Nick Rhode earned 250 total points
ID: 39666584
One thing you can do is open Exchange PowerShell and use Get-ExchangeCertificate and see if it pops up.  If it doesn't you can just remove it, but if it does it should contain a thumbprint.  Note that thumbprint and run:

Remove-ExchangeCertificate -Thumbprint OIWJFWJFWJEOFWJELFJ

(The thumbprint is a bunch of numbers and letters, so this is just an example.)
0
 

Author Comment

by:dcitdir
ID: 39666595
OK, it shows in Get-ExchangeCertificate.  So removing it will not cause any issues with clients connecting via Outlook?
0
 

Assisted Solution

by:ats2012
ats2012 earned 250 total points
ID: 39666617
The short answer is yes.  You can remove the expired certificate since it's expired and no services are associated with it.  I typically remove my expired cert when I renew it which is annually in my case.  You will need to purchase a new signed certificate for your environment.  

You didn't mention if the 2 valid certs were self-signed?  I suspect the value is 'True', which means they were likely the certs that were installed with Exchange, which is why your Outlook clients are getting the trust errors.

Here is a good explanation:
http://exchangeserverpro.com/exchange-2010-ssl-certificates/
0
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39666624
Shouldn't, because it's not assigned to any services the Exchange server is using, as stated above.  Just an advisory that I am not familiar with your environment or any other devices/3rd party software involved.

If you perhaps were to have some sort of trouble with connecting you can just reimport/bind your current valid certificate.
0
 

Author Comment

by:dcitdir
ID: 39666627
One is self-signed and the other is signed by a CA, and both are active with the services.
0
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39666656
Which one is expired?  If that expired certificate does not show up in the Get-ExchangeCertificate Command then it is safe to remove it from EMC.

If the expired certificate does show up using the Get-ExchangeCertificate Command you will see its thumbprint.
0
 

Expert Comment

by:ats2012
ID: 39666668
As NRhode said, we aren't familiar with your environment.  The CA cert is another trusted root cert.  It could be for an application in your environment.  A little on CA certs:
http://technet.microsoft.com/en-us/library/cc778623(v=ws.10).aspx

Either way, the other is self-signed as you said.  You will likely need to follow the steps in the link provided to generate a cert request, then provide that doc to a third party to generate a valid certificate.  This is especially important if you are using OWA or ActiveSync.
0
 

Author Comment

by:dcitdir
ID: 39674550
I removed the invalid certificate and things are still running smoothly.  Thanks for the help.
0
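
The check-then-remove procedure discussed in this thread, as an added example that is not part of the original posts: it inventories the certificates, separates expired ones with no services bound from expired ones still in use, and only dry-runs the removal. It assumes it is run in the Exchange Management Shell on the Exchange 2010 server; the variable names are illustrative.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.

# Read-only inventory with the fields the thread talks about:
# thumbprint, self-signed flag, bound services and expiry date.
$certs = @(Get-ExchangeCertificate)
$certs | Sort-Object NotAfter |
    Format-Table Thumbprint, Subject, IsSelfSigned, Services, NotAfter -AutoSize

$now = Get-Date

# Expired AND bound to no Exchange service: the case in the question.
# "$($_.Services)" is compared as a string so the filter also works on the
# deserialized objects returned by a remote management shell session.
$stale = @($certs | Where-Object {
    $_.NotAfter -lt $now -and "$($_.Services)" -eq 'None'
})

# Expired but still bound to a service: do not remove these before a valid
# replacement certificate has been enabled for the same services.
$expiredInUse = @($certs | Where-Object {
    $_.NotAfter -lt $now -and "$($_.Services)" -ne 'None'
})

foreach ($c in $expiredInUse) {
    Write-Warning ("Expired but still in use ({0}): {1}" -f $c.Services, $c.Thumbprint)
}

# Dry run: -WhatIf reports what would be removed without changing anything.
foreach ($c in $stale) {
    Remove-ExchangeCertificate -Thumbprint $c.Thumbprint -WhatIf
}

# After reviewing the -WhatIf output, remove one certificate at a time and
# answer the confirmation prompt, for example:
#   Remove-ExchangeCertificate -Thumbprint $stale[0].Thumbprint -Confirm
```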
