Solved

Can I delete all expired certs in Exchange shell

Posted on 2014-04-24
Last Modified: 2014-04-24
Hi,

I have renewed the self-signed certificate in Exchange Server 2007 on our SBS 2008, and I found there are lots of expired certs in the list. Can I delete them all? Also, I found that the server event log shows an error message. Is that caused by the expired cert? I can receive and send email without any issue.

The error message is:

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.xxx.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.xxxx.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Question by:Simon Chen
Expert Comment

by:David Carr
ID: 40020147
Yes, you can delete the expired certificates. I would disconnect them from any services (SMTP, IIS, IMAP, POP) and make sure that valid certificates are attached to each of the services you need.

Once the expired certificates have no services connected to them, run the following from the Exchange Management Shell:

Remove-ExchangeCertificate -Thumbprint xxxxxxxxxx

where

Accepted Solution

by:
becraig earned 2000 total points
ID: 40020150
Yes you can and should remove expired certificates.

As to your second question see the link below for details step by step.

http://www.petenetlive.com/KB/Article/0000292.htm

Expert Comment

by:gurutc
ID: 40020151
I would make sure I had a new cert for all the in-use ones you have before deleting them.  If not for anything but to have their info to refer to when generating/requesting a new cert.

- gurutc

Author Comment

by:Simon Chen
ID: 40020171
Here is my live cert. Does that mean I have connected all the services? Can I go ahead and delete the expired certs now, or do I still need to check? And how do I check it?
I have gone through all the certs and found the status is invalid.

Expert Comment

by:becraig
ID: 40020190
The link I provided above should give you a clear walkthrough on how to validate before you delete anything.

Expert Comment

by:David Carr
ID: 40020197
Type
Get-ExchangeCertificate | fl

in the Exchange Management Shell to check and see what services are connected to the certificate.
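
The checks suggested in the answers above, combined into one Exchange Management Shell script. This is an added example, not code posted by anyone in the thread; the helper name Get-ServiceNames is hypothetical, and the script assumes the certificate objects expose Thumbprint, Subject, CertificateDomains, NotAfter and Services. It leaves -WhatIf on Remove-ExchangeCertificate, so nothing is deleted until that switch is removed.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange server.
$now = Get-Date
$all = @(Get-ExchangeCertificate)

# Turn the Services flags value (e.g. "IMAP, POP, IIS, SMTP") into a list of names.
# Get-ServiceNames is a hypothetical helper defined here, not an Exchange cmdlet.
function Get-ServiceNames($cert) {
    @($cert.Services.ToString().Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -ne 'None' })
}

# Services that at least one unexpired certificate is already enabled for.
$covered = @($all | Where-Object { $_.NotAfter -gt $now } |
    ForEach-Object { Get-ServiceNames $_ } | Sort-Object -Unique)

foreach ($cert in @($all | Where-Object { $_.NotAfter -le $now })) {
    # Keep a record of the old certificate's details for later reference.
    $cert | Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Services

    # Services that would be left without any valid certificate.
    $orphaned = @(Get-ServiceNames $cert | Where-Object { $covered -notcontains $_ })

    if ($orphaned.Count -gt 0) {
        $names = [string]::Join(', ', $orphaned)
        Write-Warning ("Skipping {0}: no valid certificate is enabled for {1}" -f $cert.Thumbprint, $names)
        continue
    }

    # Preview only. Remove -WhatIf once the output above looks right.
    Remove-ExchangeCertificate -Thumbprint $cert.Thumbprint -WhatIf
}
```

A warning for a thumbprint means a service such as SMTP or IIS is still bound only to an expired certificate, so a valid certificate should be enabled for that service before the old one is removed.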

Author Closing Comment

by:Simon Chen
ID: 40020263
good support