Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange Server 2010 Certificates

Posted on 2016-09-29
5
Medium Priority
?
60 Views
Last Modified: 2016-10-06
I'm working on an Exchange 2010 Server that has 5 certificates on it (see attached pic).

(all services run on the same box)

The GoDaddy cert that is expiring on 10/11/2016 was replaced with a new cert from GoDaddy that expires on 09/08/2021

After installing the new cert i wanted to remove the old cert, when i try i get the following message...

"The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate."

How can i remove the old cert and clean up the other self signed certs?


Thanks

v
0
Comment
Question by:Vince Glisson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 2000 total points
ID: 41822122
You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
LVL 17

Expert Comment

by:Ivan
ID: 41822123
Hi,

you did not attach picture :)

I am guessing that you are traying to remove cert bound for smtp service, which is self signed by default?

Regards,
Ivan.
0
 
LVL 10

Author Comment

by:Vince Glisson
ID: 41822127
Oops, chose the file and forgot to upload...
Exchange-2010-Certificates.PNG
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41822135
Remember the procedure...



You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41822169
If you have a cert issued by public CA and assigned the SMTP service, you can right click on the self-signed certificates and click remove.  Should remove without issue.

If you are replacing an expiring public CA cert, first assign the new cert IIS and SMTP services at a minimum.  On the expiring cert, right click to assign services and deselect the all of the services.  Now you should be able to remove the expiring cert without issue.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question