SMTP certificate expired


I just inherited an Exchange 2013 server and I see that one of the certificates is expired. This one is the SMTP certificate and it's been issued by the domain controller which is the CA. I'm not aware of any issues with any services because of certificate being expired but I was wondering what it does and if I should renew it.

Thank you!
Alan DalaITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Is this the default cert that is used for your The only cert that really matters is the default one that you are using which has services assigned to it. So if the default cert is not expired you can leave the other one alone or just remove it entirely. If this is the "self signed certificate" then do not remove it, as it is required.

Alan DalaITAuthor Commented:
It doesn't look like the default one. It says: "Certification authority-signed certificate" and it's already expired. The 'self signed certificate' is still valid. Would it be worth getting a new one to replace the expired one? What would be the reason to have one in the first place? I'm not sure that I understand this 'certificate for smtp service' thing. What's actually certifying, that the email comes from the correct email server? As I mentioned, this is an internal certificate issued by the domain controller.

Thank you for the help!
Will SzymkowskiSenior Solution ArchitectCommented:
When you have an internal CA default certs are assigned to all machines, by default. The default cert will reference your virtual directories URL's that you have configured for Exchange. As long as the default certificate matches the URL's you have internally and externally and your default cert has not expired then you are fine.

You can just ignore that cert.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alan DalaITAuthor Commented:
Thanks. Much appreciated.
Will SzymkowskiSenior Solution ArchitectCommented:
Not a problem. Glad to help!

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.