Solved

SSL Certificates in Exchange 2010

Posted on 2013-11-21
8
516 Views
Last Modified: 2013-11-25
I have a SSL certificate that shows expired in exchange 2010.  The certificate has no name, under self-signed shows false and services none.  I have 2 other certificates that are valid and using for services IMAP, POP, IIS and SMTP and the other for just SMTP.  Is it safe to delete the expired one since is is popping up errors on outlook that our certificate is expired even though the other 2 are valid and not expired?
0
Comment
Question by:dcitdir
  • 3
  • 3
  • 2
8 Comments
 
LVL 22

Accepted Solution

by:
Nick Rhode earned 250 total points
ID: 39666584
One thing you can do is open exchange powershell and use the Get-Exchangecertificate and see if it pops up.  If it doesn't you can just remove it but if it does it should contain a thumbprint.  Note that thumbprint and run: Remove-ExchangeCertificate -Thumbprint OIWJFWJFWJEOFWJELFJ <---Thumb print is a bunch of numbers and letters so this is just an example
0
 

Author Comment

by:dcitdir
ID: 39666595
Ok shows in the get-exchange certificate.  So removing it will not cause any issues with clients connecting via outlook?
0
 

Assisted Solution

by:ats2012
ats2012 earned 250 total points
ID: 39666617
The short answer is yes.  You can remove the expired certificate since it's expired and no services are associated with it.  I typically remove my expired cert when I renew it which is annually in my case.  You will need to purchase a new signed certificate for your environment.  

You didn't mention if the 2 valid certs were self signed?  I suspect the value is 'True' which means they were likely the certs that were installed with Exchange.  Which is why your outlook clients are getting the trust errors.  

Here is a good explanation:
http://exchangeserverpro.com/exchange-2010-ssl-certificates/
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39666624
Shouldn't because its not assigned to any services the exchange server is using as stated above.  Just an advisory that I am not familiar with your environment or any other devices/3rd party software involved.  

If you perhaps were to have some sort of trouble with connecting you can just reimport/bind your current valid certificate.
0
 

Author Comment

by:dcitdir
ID: 39666627
1 is self signed and the other is signed by a CA and both are active with the services.
0
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39666656
Which one is expired?  If that expired certificate does not show up in the Get-ExchangeCertificate Command then it is safe to remove it from EMC.

If the expired certificate does show up using the Get-ExchangeCertificate Command you will see its thumbprint.
0
 

Expert Comment

by:ats2012
ID: 39666668
As NRhode said we aren't familiar with your environment.  The CA cert is another trusted root cert.  It  could be for an application in your environment.  A little on CA certs:
http://technet.microsoft.com/en-us/library/cc778623(v=ws.10).aspx

Either way, the other is self signed as you said.  You will likely need to follow the steps in the link provided to generate a cert request, then provide that doc to a third party to generate a valid certificate.  This is especially important if you are using OWA or active sync.
0
 

Author Comment

by:dcitdir
ID: 39674550
I removed the invalid certificate and things are still running smoothly.  Thanks for the help.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
This video discusses moving either the default database or any database to a new volume.

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now