Solved

SSL Certificates in Exchange 2010

Posted on 2013-11-21
Last Modified: 2013-11-25
I have an SSL certificate that shows expired in Exchange 2010.  The certificate has no name, under self-signed shows false and services none.  I have 2 other certificates that are valid and using for services IMAP, POP, IIS and SMTP and the other for just SMTP.  Is it safe to delete the expired one since it is popping up errors on Outlook that our certificate is expired even though the other 2 are valid and not expired?
Question by:dcitdir

Accepted Solution

by:
Nick Rhode earned 250 total points
ID: 39666584
One thing you can do is open Exchange PowerShell and use Get-ExchangeCertificate and see if it pops up.  If it doesn't, you can just remove it, but if it does, it should contain a thumbprint.  Note that thumbprint and run:

Remove-ExchangeCertificate -Thumbprint OIWJFWJFWJEOFWJELFJ

(The thumbprint is a bunch of numbers and letters, so this is just an example.)

Author Comment

by:dcitdir
ID: 39666595
OK, it shows in Get-ExchangeCertificate.  So removing it will not cause any issues with clients connecting via Outlook?

Assisted Solution

by:ats2012
ats2012 earned 250 total points
ID: 39666617
The short answer is yes.  You can remove the expired certificate since it's expired and no services are associated with it.  I typically remove my expired cert when I renew it which is annually in my case.  You will need to purchase a new signed certificate for your environment.  

You didn't mention if the 2 valid certs were self-signed?  I suspect the value is 'True', which means they were likely the certs that were installed with Exchange.  Which is why your Outlook clients are getting the trust errors.

Here is a good explanation:
http://exchangeserverpro.com/exchange-2010-ssl-certificates/

Expert Comment

by:Nick Rhode
ID: 39666624
Shouldn't, because it's not assigned to any services the Exchange server is using, as stated above.  Just an advisory that I am not familiar with your environment or any other devices/3rd party software involved.

If you perhaps were to have some sort of trouble with connecting you can just reimport/bind your current valid certificate.

Author Comment

by:dcitdir
ID: 39666627
1 is self signed and the other is signed by a CA and both are active with the services.

Expert Comment

by:Nick Rhode
ID: 39666656
Which one is expired?  If that expired certificate does not show up in the Get-ExchangeCertificate command, then it is safe to remove it from EMC.

If the expired certificate does show up using the Get-ExchangeCertificate command, you will see its thumbprint.

Expert Comment

by:ats2012
ID: 39666668
As NRhode said, we aren't familiar with your environment.  The CA cert is another trusted root cert.  It could be for an application in your environment.  A little on CA certs:
http://technet.microsoft.com/en-us/library/cc778623(v=ws.10).aspx

Either way, the other is self-signed as you said.  You will likely need to follow the steps in the link provided to generate a cert request, then provide that doc to a third party to generate a valid certificate.  This is especially important if you are using OWA or ActiveSync.

Author Comment

by:dcitdir
ID: 39674550
I removed the invalid certificate and things are still running smoothly.  Thanks for the help.
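
The check-then-remove procedure discussed in this thread, as an added PowerShell example (not part of any post above). It assumes it is run in the Exchange Management Shell on the Exchange 2010 server; the variable names are illustrative, and -WhatIf is left on so nothing is deleted until that switch is dropped.

```powershell
# Added example: audit Exchange certificates before removing an expired one.
# Assumption: run in the Exchange Management Shell on the Exchange 2010 server.
$now = Get-Date

# Inventory every certificate Exchange reports on this server.
$certs = @(Get-ExchangeCertificate |
    Select-Object Thumbprint, Subject, Services, IsSelfSigned, NotAfter)

$certs | Sort-Object NotAfter | Format-Table -AutoSize

# Expired and bound to no service: safe candidates for removal.
# @() keeps an empty result as an empty array, so the loops below
# do not run once on $null under PowerShell 2.0.
$removable = @($certs | Where-Object {
    $_.NotAfter -lt $now -and "$($_.Services)" -eq 'None'
})

# Expired but still assigned to a service: do not remove these.
# Assign a valid certificate to the service first.
$inUse = @($certs | Where-Object {
    $_.NotAfter -lt $now -and "$($_.Services)" -ne 'None'
})

foreach ($c in $inUse) {
    Write-Warning ("Expired but still assigned to [{0}]: {1} ({2})" -f `
        $c.Services, $c.Thumbprint, $c.Subject)
}

foreach ($c in $removable) {
    # -WhatIf only reports what would be removed.
    # Drop -WhatIf after reviewing the list to actually delete the certificate.
    Remove-ExchangeCertificate -Thumbprint $c.Thumbprint -WhatIf
}

# Valid certificates that expire within 30 days, so renewal happens
# before clients start seeing expiry warnings.
$certs | Where-Object {
    $_.NotAfter -ge $now -and $_.NotAfter -lt $now.AddDays(30)
} | Format-Table Thumbprint, Services, NotAfter -AutoSize
```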