Vince Glisson

Exchange Server 2010 Certificates

I'm working on an Exchange 2010 Server that has 5 certificates on it (see attached pic).

(all services run on the same box)

The GoDaddy cert that is expiring on 10/11/2016 was replaced with a new cert from GoDaddy that expires on 09/08/2021.

After installing the new cert I wanted to remove the old cert; when I try, I get the following message...

"The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate."

How can I remove the old cert and clean up the other self-signed certs?


Thanks

v
ASKER CERTIFIED SOLUTION
Ogandos

This solution is only available to members.

Hi,

You did not attach the picture :)

I am guessing that you are trying to remove the cert bound to the SMTP service, which is self-signed by default?

Regards,
Ivan.
Vince Glisson

ASKER

Oops, chose the file and forgot to upload...
Exchange-2010-Certificates.PNG
Remember the procedure...



You can create and use a self-signed certificate for your SMTP service. As long as you create a new certificate compatible with the SMTP service, the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected by this process. They will continue using your GoDaddy certificate.

If you have a cert issued by a public CA and assigned to the SMTP service, you can right-click on the self-signed certificates and click Remove. They should remove without issue.

If you are replacing an expiring public CA cert, first assign the new cert to the IIS and SMTP services at a minimum. On the expiring cert, right-click to assign services and deselect all of the services. Now you should be able to remove the expiring cert without issue.
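
The replacement order discussed in this thread, written out for the Exchange Management Shell as an added example that is not part of any reply above. The two thumbprint values are placeholders to be filled in from the inventory in step 1, and the checks in steps 2 and 4 are this example's own additions.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Placeholders (assumptions): copy the real thumbprints from the step 1 output.
$NewThumb = '<NEW-CERT-THUMBPRINT>'
$OldThumb = '<EXPIRING-CERT-THUMBPRINT>'

# 1. Inventory: which certificate carries which services, and when each expires.
Get-ExchangeCertificate |
    Sort-Object NotAfter |
    Format-Table Thumbprint, Services, IsSelfSigned, NotAfter, Subject -AutoSize

# 2. Check the replacement before touching the old certificate.
$new = Get-ExchangeCertificate -Thumbprint $NewThumb
if ($new.Status -ne 'Valid')      { throw "New certificate status is $($new.Status)" }
if (-not $new.HasPrivateKey)      { throw 'New certificate has no private key on this server' }
if ($new.NotAfter -le (Get-Date)) { throw 'New certificate has already expired' }

# 3. Assign IIS and SMTP to the new certificate, as the last reply describes.
Enable-ExchangeCertificate -Thumbprint $NewThumb -Services 'IIS,SMTP'

# 4. Confirm both services are now bound to the new certificate.
$new = Get-ExchangeCertificate -Thumbprint $NewThumb
foreach ($svc in 'IIS', 'SMTP') {
    if ("$($new.Services)" -notmatch $svc) {
        throw "$svc is not bound to the new certificate; do not remove the old one yet"
    }
}

# 5. Remove the expiring certificate, then list what remains.
Remove-ExchangeCertificate -Thumbprint $OldThumb -Confirm
Get-ExchangeCertificate | Format-List Thumbprint, Services, NotAfter
```

If step 5 still returns the internal transport certificate message quoted in the question, the `New-ExchangeCertificate` step given earlier in the thread applies before retrying the removal.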