[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 537
  • Last Modified:

SSL Certificates in Exchange 2010

I have a SSL certificate that shows expired in exchange 2010.  The certificate has no name, under self-signed shows false and services none.  I have 2 other certificates that are valid and using for services IMAP, POP, IIS and SMTP and the other for just SMTP.  Is it safe to delete the expired one since is is popping up errors on outlook that our certificate is expired even though the other 2 are valid and not expired?
0
dcitdir
Asked:
dcitdir
  • 3
  • 3
  • 2
2 Solutions
 
Nick RhodeIT DirectorCommented:
One thing you can do is open exchange powershell and use the Get-Exchangecertificate and see if it pops up.  If it doesn't you can just remove it but if it does it should contain a thumbprint.  Note that thumbprint and run: Remove-ExchangeCertificate -Thumbprint OIWJFWJFWJEOFWJELFJ <---Thumb print is a bunch of numbers and letters so this is just an example
0
 
dcitdirAuthor Commented:
Ok shows in the get-exchange certificate.  So removing it will not cause any issues with clients connecting via outlook?
0
 
ats2012Commented:
The short answer is yes.  You can remove the expired certificate since it's expired and no services are associated with it.  I typically remove my expired cert when I renew it which is annually in my case.  You will need to purchase a new signed certificate for your environment.  

You didn't mention if the 2 valid certs were self signed?  I suspect the value is 'True' which means they were likely the certs that were installed with Exchange.  Which is why your outlook clients are getting the trust errors.  

Here is a good explanation:
http://exchangeserverpro.com/exchange-2010-ssl-certificates/
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Nick RhodeIT DirectorCommented:
Shouldn't because its not assigned to any services the exchange server is using as stated above.  Just an advisory that I am not familiar with your environment or any other devices/3rd party software involved.  

If you perhaps were to have some sort of trouble with connecting you can just reimport/bind your current valid certificate.
0
 
dcitdirAuthor Commented:
1 is self signed and the other is signed by a CA and both are active with the services.
0
 
Nick RhodeIT DirectorCommented:
Which one is expired?  If that expired certificate does not show up in the Get-ExchangeCertificate Command then it is safe to remove it from EMC.

If the expired certificate does show up using the Get-ExchangeCertificate Command you will see its thumbprint.
0
 
ats2012Commented:
As NRhode said we aren't familiar with your environment.  The CA cert is another trusted root cert.  It  could be for an application in your environment.  A little on CA certs:
http://technet.microsoft.com/en-us/library/cc778623(v=ws.10).aspx

Either way, the other is self signed as you said.  You will likely need to follow the steps in the link provided to generate a cert request, then provide that doc to a third party to generate a valid certificate.  This is especially important if you are using OWA or active sync.
0
 
dcitdirAuthor Commented:
I removed the invalid certificate and things are still running smoothly.  Thanks for the help.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now