SSL Certificates in Exchange 2010

I have a SSL certificate that shows expired in exchange 2010.  The certificate has no name, under self-signed shows false and services none.  I have 2 other certificates that are valid and using for services IMAP, POP, IIS and SMTP and the other for just SMTP.  Is it safe to delete the expired one since is is popping up errors on outlook that our certificate is expired even though the other 2 are valid and not expired?
dcitdirAsked:
Who is Participating?
 
Nick RhodeConnect With a Mentor IT DirectorCommented:
One thing you can do is open exchange powershell and use the Get-Exchangecertificate and see if it pops up.  If it doesn't you can just remove it but if it does it should contain a thumbprint.  Note that thumbprint and run: Remove-ExchangeCertificate -Thumbprint OIWJFWJFWJEOFWJELFJ <---Thumb print is a bunch of numbers and letters so this is just an example
0
 
dcitdirAuthor Commented:
Ok shows in the get-exchange certificate.  So removing it will not cause any issues with clients connecting via outlook?
0
 
ats2012Connect With a Mentor Commented:
The short answer is yes.  You can remove the expired certificate since it's expired and no services are associated with it.  I typically remove my expired cert when I renew it which is annually in my case.  You will need to purchase a new signed certificate for your environment.  

You didn't mention if the 2 valid certs were self signed?  I suspect the value is 'True' which means they were likely the certs that were installed with Exchange.  Which is why your outlook clients are getting the trust errors.  

Here is a good explanation:
http://exchangeserverpro.com/exchange-2010-ssl-certificates/
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Nick RhodeIT DirectorCommented:
Shouldn't because its not assigned to any services the exchange server is using as stated above.  Just an advisory that I am not familiar with your environment or any other devices/3rd party software involved.  

If you perhaps were to have some sort of trouble with connecting you can just reimport/bind your current valid certificate.
0
 
dcitdirAuthor Commented:
1 is self signed and the other is signed by a CA and both are active with the services.
0
 
Nick RhodeIT DirectorCommented:
Which one is expired?  If that expired certificate does not show up in the Get-ExchangeCertificate Command then it is safe to remove it from EMC.

If the expired certificate does show up using the Get-ExchangeCertificate Command you will see its thumbprint.
0
 
ats2012Commented:
As NRhode said we aren't familiar with your environment.  The CA cert is another trusted root cert.  It  could be for an application in your environment.  A little on CA certs:
http://technet.microsoft.com/en-us/library/cc778623(v=ws.10).aspx

Either way, the other is self signed as you said.  You will likely need to follow the steps in the link provided to generate a cert request, then provide that doc to a third party to generate a valid certificate.  This is especially important if you are using OWA or active sync.
0
 
dcitdirAuthor Commented:
I removed the invalid certificate and things are still running smoothly.  Thanks for the help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.