Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Exchange 2010: Expired Certificate Still being used
hello
I am getting error id 24 in MSExchange Web Services on my Exchange 2010 SP3 server - says certificate expired. That certificate has expired but I renewed it and imported the new one and assigned all the services (except unified messaging which we don't use) to it.
Questions:
a) am OK to delete the old certificate?
b) why is it still being used for exchange Web Services (assume autodiscover and owa) when it does not have the IIS service role added to it?
I am getting error id 24 in MSExchange Web Services on my Exchange 2010 SP3 server - says certificate expired. That certificate has expired but I renewed it and imported the new one and assigned all the services (except unified messaging which we don't use) to it.
Questions:
a) am OK to delete the old certificate?
b) why is it still being used for exchange Web Services (assume autodiscover and owa) when it does not have the IIS service role added to it?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Did you use powershell, Enable-ExchageCertificate for all the services you're using?
You can remove the old one with Remove-ExchangeCertificate
You can remove the old one with Remove-ExchangeCertificate
Get-ExchangeCertificate | ft Subject,services,IsSelfSigned,NotAfter
Make sure expired certificate is not there.
If it is there remove it by
Remove-ExchangeCertificate -Thumbprint D18B16C10075CDE2B09BA575AF
Get-ExchangeCertificate | ft thumbprint,NotAfter
Enable services on the right certificate. You can change services based on your requirement.
Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services IIS,SMTP,POP,IMAP
Hello OfflineGeek
No - I did it through the EMC by clicking "Assign Services to Certificate…" under the Actions pane. Is that not a good thing?
The old certificate is displaying as having SMTP, POP and IMAP assigned but not IIS - weird.
If I remove the old one will Exchange automagically use the new one for IIS?
No - I did it through the EMC by clicking "Assign Services to Certificate…" under the Actions pane. Is that not a good thing?
The old certificate is displaying as having SMTP, POP and IMAP assigned but not IIS - weird.
If I remove the old one will Exchange automagically use the new one for IIS?
If the certificate is not showing as being used for IIS, then you should remove it. Use remove-exchangecertificate
If Exchange then rejects that, saying you cannot remove the default SMTP certificate, simply run new-exchangecertificiate (no further options) and say yes to replace the default SMTP certificate. That will generate a new self signed certificate for internal SMTP use.
You can then remove the old certificate.
Don't forget to run iisreset afterwards.
Simon.
If Exchange then rejects that, saying you cannot remove the default SMTP certificate, simply run new-exchangecertificiate (no further options) and say yes to replace the default SMTP certificate. That will generate a new self signed certificate for internal SMTP use.
You can then remove the old certificate.
Don't forget to run iisreset afterwards.
Simon.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial