Solved

Exchange Server 2010 Certificates

Posted on 2016-09-29
5
32 Views
Last Modified: 2016-10-06
I'm working on an Exchange 2010 Server that has 5 certificates on it (see attached pic).

(all services run on the same box)

The GoDaddy cert that is expiring on 10/11/2016 was replaced with a new cert from GoDaddy that expires on 09/08/2021

After installing the new cert i wanted to remove the old cert, when i try i get the following message...

"The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate."

How can i remove the old cert and clean up the other self signed certs?


Thanks

v
0
Comment
Question by:Vince Glisson
5 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
Comment Utility
You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
LVL 15

Expert Comment

by:Ivan
Comment Utility
Hi,

you did not attach picture :)

I am guessing that you are traying to remove cert bound for smtp service, which is self signed by default?

Regards,
Ivan.
0
 
LVL 10

Author Comment

by:Vince Glisson
Comment Utility
Oops, chose the file and forgot to upload...
Exchange-2010-Certificates.PNG
0
 
LVL 14

Expert Comment

by:Schnell Solutions
Comment Utility
Remember the procedure...



You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
LVL 14

Expert Comment

by:Todd Nelson
Comment Utility
If you have a cert issued by public CA and assigned the SMTP service, you can right click on the self-signed certificates and click remove.  Should remove without issue.

If you are replacing an expiring public CA cert, first assign the new cert IIS and SMTP services at a minimum.  On the expiring cert, right click to assign services and deselect the all of the services.  Now you should be able to remove the expiring cert without issue.
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now