Solved

Exchange Server 2010 Certificates

Posted on 2016-09-29
5
46 Views
Last Modified: 2016-10-06
I'm working on an Exchange 2010 Server that has 5 certificates on it (see attached pic).

(all services run on the same box)

The GoDaddy cert that is expiring on 10/11/2016 was replaced with a new cert from GoDaddy that expires on 09/08/2021

After installing the new cert i wanted to remove the old cert, when i try i get the following message...

"The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate."

How can i remove the old cert and clean up the other self signed certs?


Thanks

v
0
Comment
Question by:Vince Glisson
5 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41822122
You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
LVL 16

Expert Comment

by:Ivan
ID: 41822123
Hi,

you did not attach picture :)

I am guessing that you are traying to remove cert bound for smtp service, which is self signed by default?

Regards,
Ivan.
0
 
LVL 10

Author Comment

by:Vince Glisson
ID: 41822127
Oops, chose the file and forgot to upload...
Exchange-2010-Certificates.PNG
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41822135
Remember the procedure...



You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41822169
If you have a cert issued by public CA and assigned the SMTP service, you can right click on the self-signed certificates and click remove.  Should remove without issue.

If you are replacing an expiring public CA cert, first assign the new cert IIS and SMTP services at a minimum.  On the expiring cert, right click to assign services and deselect the all of the services.  Now you should be able to remove the expiring cert without issue.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question