Solved

Sbs 2011/Exchange 2010 Self signed certificates

Posted on 2014-02-21
5
1,087 Views
Last Modified: 2014-02-24
Have an SBS 2011 server that has started issuing Event 25 warnings for soon to be expiring certificates.

I have a 3rd party UCC certificate installed (GoDaddy) that is not due for renewal for another year so that is good.  Based on the Exchange Management console (EMC) the GoDaddy cert is installed for IMAP, POP, SMTP and IIS services.

It seems the original self signed certificates are expiring.  I assume these were generated during server set up.  Listed services in EMC for these self signed certs are IMAP, POP, and SMTP.

Can I just remove these self signed certificates from EMC, or are they still needed, even though I have a 3rd party cert?

Is it safer just to go into the certificates MMC for the local computer and "Disable all purposes for this certificate"?

Thanks
0
Comment
Question by:boatasiaus
  • 3
  • 2
5 Comments
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 39878821
Run the Fix my network wizard.\: Console> Network>Connectivity>Fix my network
And for good measure:Home > Add trusted certificate>next>I  want to REPLACE....>I want to use a certificate that is already installed on the server> Choose your GoDaddy cert> Finish
Hope that helps,
Olaf
0
 

Author Comment

by:boatasiaus
ID: 39879239
Olaf

Thanks for the comment

Ran the fix my network wizard, and it found nothing wrong, other than not being able to open ports on the router (normal)

The certs are due to expire tomorrow, 2/23.  Maybe Fix my network doesn't catch the problem until certs have actually expired, even though I am getting event 25 certificate expirations in Event viewer?

Ted
0
 
LVL 22

Accepted Solution

by:
Olaf De Ceuster earned 500 total points
ID: 39879738
Hi Ted,

Please run the "set my internet address " wizard and you have to followup with
Install new certificate wizard:
Home > Add trusted certificate>next>I  want to REPLACE....>I want to use a certificate that is already installed on the server> Choose your GoDaddy cert> Finish
That will renew all certs: Local and Godaddy.
Let me know?
Olaf
0
 

Author Comment

by:boatasiaus
ID: 39879808
Hello Olaf

To resolve this, I used Eschange Management Shell, and manually used the get-exchangecertificate -thumbprint ThumbprintID | new-exchangecertificate

Had to do this for 5 certificates.  All now show an expiration date 5 yrs out, as they should.  Looking at EMC, all "renewed" certs have the proper original services attached to them.

The only question I have is the old expiring/expired certs still exist in EMC.  Is it safe to delete these old certs, or should I just leave them?  Will I continue to get event 25 warnings?

Thanks
Ted
0
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 39879890
Hi Ted,

Running the "set my internet name" would have done the same.
Don't really know the answer on the old certificates. I assume they can be deleted, however the have never gotten in my way so I just leave them.
The warning should be gone from the moment your run the wizard.
If not please run the BPA. You might have some other issues there.
http://support.microsoft.com/kb/2673284
Olaf
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question