can I delete all expire cert in Exchange shell

hi,

I have renewed the self signed certificate in Exchange Server 2007 on our SBS 2008, and I found there is lots expired cert in the list. can I delete them all? and also I found in the server even log there show a error msg, is that caused by expired cert? I can receive and send email without any issue.

error msg is:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.xxx.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.xxxx.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
cert.JPG
Simon ChenNetwork AdministratorAsked:
Who is Participating?
 
becraigConnect With a Mentor Commented:
Yes you can and should remove expired certificates.

As to your second question see the link below for details step by step.

http://www.petenetlive.com/KB/Article/0000292.htm
0
 
David CarrCommented:
Yes you can delete the expired certificates. I would disconnect them from any services(SMTP, IIS,IMAP, POP) and make sure that valid certificates are attached to each of the services you need.

Once the expired certificates have no services connected to them run the following from the Exchange Management shell

Remove-exchangecertificate –thumbprint xxxxxxxxxx 

Open in new window

where
0
 
gurutcCommented:
I would make sure I had a new cert for all the in-use ones you have before deleting them.  If not for anything but to have their info to refer to when generating/requesting a new cert.

- gurutc
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Simon ChenNetwork AdministratorAuthor Commented:
here is my live cert, is that mean I have connect all the service? can i go ahead to delete the expired cert now or still need to check? and how to check it?
I have gone through all the cert and found the status is invalid.
cert2.JPG
0
 
becraigCommented:
The link I provided above should give you a clear walkthrough on how to validate before you delete anything.
0
 
David CarrCommented:
Type
get-exchangecertificate | fl 

Open in new window

in the Exchange Management Shell to check and see what services are connected to the certificate.
0
 
Simon ChenNetwork AdministratorAuthor Commented:
good support
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.