I had this question after viewing
SBS2011 - Expired Certificates - MSExchange Web Services Event ID 24.
My issue is that I get this error message in my daily reports:
MSExchange Web Services 24 08/03/2017 14:48:27 42
Event Details:
The Exchange certificate [Subject] CN=Graham Sivill, OU=SBSUsers, OU=Users, OU=MyBusiness, DC=direct-ifc, DC=local [Issuer] CN=direct-ifc-DIRECTSERVER
-CA [Serial Number] 23ABEFA6000100000012 [Not Before] 23/06/2014 11:23:58 [Not After] 23/06/2015 11:23:58 [Thumbprint] 00BC42E5C2B89AF7905F4F1DD6
9832DFD60B
2EBE expired on 23/06/2015 11:23:58.
So reading up the fix for this error I ran this EMS command:
Remove-ExchangeCertificate
-Server DirectServer -Thumbprint 00BC42E5C2B89AF7905F4F1DD6
9832DFD60B
2EBE
This gets the response:
Confirm
Are you sure you want to perform this action?
Remove certificate with thumbprint 00BC42E5C2B89AF7905F4F1DD6
9832DFD60B
2EBE from the computer's certificate store?
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
The certificate with thumbprint 00BC42E5C2B89AF7905F4F1DD6
9832DFD60B
2EBE was found but is not valid for use with Exchange Server (reason: PkixKpServerAuthNotFoundIn
EnhancedKe
yUsage).
+ CategoryInfo : NotSpecified: (:) [Remove-ExchangeCertificat
e], InvalidOperationException
+ FullyQualifiedErrorId : 7884D31B,Microsoft.Exchang
e.Manageme
nt.SystemC
onfigurati
onTasks.Re
moveExchan
geCertific
ate
[PS] C:\Windows\system32>
The certificate is listed in my revoked certificates. How can I stop this message coming up, is there a way to delete the certificate permanently from the revoked certificates in the Certification Authority? If I right-click the certificate in the Certification Authority the only Tasks are:
View Attributes/Extensions
Export Binary Data
Unrevoke Certificate.
All of which seem irrelevant?
Any help with this would be appreciated.
Siv
This question was ages ago and I have since found how to delete it!
What does "CA" mean (I normally associate that with "Certificate Authority"?)/
Siv