Solved

Exchange Server 2010 Certificates

Posted on 2016-09-29
5
51 Views
Last Modified: 2016-10-06
I'm working on an Exchange 2010 Server that has 5 certificates on it (see attached pic).

(all services run on the same box)

The GoDaddy cert that is expiring on 10/11/2016 was replaced with a new cert from GoDaddy that expires on 09/08/2021

After installing the new cert i wanted to remove the old cert, when i try i get the following message...

"The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop. To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. You can then remove the existing certificate."

How can i remove the old cert and clean up the other self signed certs?


Thanks

v
0
Comment
Question by:Vince Glisson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41822122
You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
LVL 16

Expert Comment

by:Ivan
ID: 41822123
Hi,

you did not attach picture :)

I am guessing that you are traying to remove cert bound for smtp service, which is self signed by default?

Regards,
Ivan.
0
 
LVL 10

Author Comment

by:Vince Glisson
ID: 41822127
Oops, chose the file and forgot to upload...
Exchange-2010-Certificates.PNG
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41822135
Remember the procedure...



You can create and use a self signed certificate for your SMTP service. As far as you create a new certificate compatible with the SMTP service the system will start using it automatically. Follow these steps:

1. Open an EMS window (Exchange Management Shell)
2. Create a new certificate for internal SMTP use using this command:
    New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

3. Try removing your old certificate again.

Note: the IIS services (and POP/IMAP if you use them) will not be affected with this process. They will continue using your GoDaddy certificate.
0
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41822169
If you have a cert issued by public CA and assigned the SMTP service, you can right click on the self-signed certificates and click remove.  Should remove without issue.

If you are replacing an expiring public CA cert, first assign the new cert IIS and SMTP services at a minimum.  On the expiring cert, right click to assign services and deselect the all of the services.  Now you should be able to remove the expiring cert without issue.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question