boatasiaus
asked on
Sbs 2011/Exchange 2010 Self signed certificates
Have an SBS 2011 server that has started issuing Event 25 warnings for soon to be expiring certificates.
I have a 3rd party UCC certificate installed (GoDaddy) that is not due for renewal for another year so that is good. Based on the Exchange Management console (EMC) the GoDaddy cert is installed for IMAP, POP, SMTP and IIS services.
It seems the original self signed certificates are expiring. I assume these were generated during server set up. Listed services in EMC for these self signed certs are IMAP, POP, and SMTP.
Can I just remove these self signed certificates from EMC, or are they still needed, even though I have a 3rd party cert?
Is it safer just to go into the certificates MMC for the local computer and "Disable all purposes for this certificate"?
Thanks
I have a 3rd party UCC certificate installed (GoDaddy) that is not due for renewal for another year so that is good. Based on the Exchange Management console (EMC) the GoDaddy cert is installed for IMAP, POP, SMTP and IIS services.
It seems the original self signed certificates are expiring. I assume these were generated during server set up. Listed services in EMC for these self signed certs are IMAP, POP, and SMTP.
Can I just remove these self signed certificates from EMC, or are they still needed, even though I have a 3rd party cert?
Is it safer just to go into the certificates MMC for the local computer and "Disable all purposes for this certificate"?
Thanks
ASKER
Olaf
Thanks for the comment
Ran the fix my network wizard, and it found nothing wrong, other than not being able to open ports on the router (normal)
The certs are due to expire tomorrow, 2/23. Maybe Fix my network doesn't catch the problem until certs have actually expired, even though I am getting event 25 certificate expirations in Event viewer?
Ted
Thanks for the comment
Ran the fix my network wizard, and it found nothing wrong, other than not being able to open ports on the router (normal)
The certs are due to expire tomorrow, 2/23. Maybe Fix my network doesn't catch the problem until certs have actually expired, even though I am getting event 25 certificate expirations in Event viewer?
Ted
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Olaf
To resolve this, I used Eschange Management Shell, and manually used the get-exchangecertificate -thumbprint ThumbprintID | new-exchangecertificate
Had to do this for 5 certificates. All now show an expiration date 5 yrs out, as they should. Looking at EMC, all "renewed" certs have the proper original services attached to them.
The only question I have is the old expiring/expired certs still exist in EMC. Is it safe to delete these old certs, or should I just leave them? Will I continue to get event 25 warnings?
Thanks
Ted
To resolve this, I used Eschange Management Shell, and manually used the get-exchangecertificate -thumbprint ThumbprintID | new-exchangecertificate
Had to do this for 5 certificates. All now show an expiration date 5 yrs out, as they should. Looking at EMC, all "renewed" certs have the proper original services attached to them.
The only question I have is the old expiring/expired certs still exist in EMC. Is it safe to delete these old certs, or should I just leave them? Will I continue to get event 25 warnings?
Thanks
Ted
Hi Ted,
Running the "set my internet name" would have done the same.
Don't really know the answer on the old certificates. I assume they can be deleted, however the have never gotten in my way so I just leave them.
The warning should be gone from the moment your run the wizard.
If not please run the BPA. You might have some other issues there.
http://support.microsoft.com/kb/2673284
Olaf
Running the "set my internet name" would have done the same.
Don't really know the answer on the old certificates. I assume they can be deleted, however the have never gotten in my way so I just leave them.
The warning should be gone from the moment your run the wizard.
If not please run the BPA. You might have some other issues there.
http://support.microsoft.com/kb/2673284
Olaf
And for good measure:Home > Add trusted certificate>next>I want to REPLACE....>I want to use a certificate that is already installed on the server> Choose your GoDaddy cert> Finish
Hope that helps,
Olaf