Exchange Server 2010 Certificates

I'm working on an Exchange 2010 Server that has 5 certificates on it (see attached pic).

(all services run on the same box)

The GoDaddy cert that is expiring on 10/11/2016 was replaced with a new cert from GoDaddy that expires on 09/08/2021

After installing the new cert i wanted to remove the old cert, when i try i get the following message...

"The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate."

How can i remove the old cert and clean up the other self signed certs?


Thanks

v
LVL 10
Vince GlissonOwnerAsked:
Who is Participating?
 
Schnell SolutionsConnect With a Mentor Systems Infrastructure EngineerCommented:
You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
IvanSystem EngineerCommented:
Hi,

you did not attach picture :)

I am guessing that you are traying to remove cert bound for smtp service, which is self signed by default?

Regards,
Ivan.
0
 
Vince GlissonOwnerAuthor Commented:
Oops, chose the file and forgot to upload...
Exchange-2010-Certificates.PNG
0
 
Schnell SolutionsSystems Infrastructure EngineerCommented:
Remember the procedure...



You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
Todd NelsonSystems EngineerCommented:
If you have a cert issued by public CA and assigned the SMTP service, you can right click on the self-signed certificates and click remove.  Should remove without issue.

If you are replacing an expiring public CA cert, first assign the new cert IIS and SMTP services at a minimum.  On the expiring cert, right click to assign services and deselect the all of the services.  Now you should be able to remove the expiring cert without issue.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.