Pkafkas
asked on
Removing an expired Exchange Certificate in Exchange 2013 SP3
Hello:
I created and uploaded a new Exchange Certificate from Godaddy earlier this year. The new certificate is working just fine thanks to the Expert's help ( https://www.experts-exchange.com/questions/28998446/Is-adding-an-Internediate-Certificate-file-spc-p7b-required-when-installing-a-new-Digital-Certificate-on-an-Exchange-Server.html)
Now under the
I would prefer to remove any configurations that are no longer valid; but, since, I have never done this before, I am not sure if I can safely remove the old certificate
Without breaking anything. My question is, may I remove the old/expired certificate just as shown from the module shown above? Or will that break something in Exchange? Again I am assuming that since it is no longer in use, I should be OK but, I would rather be safe and ask than be sorry by being reckless.
I created and uploaded a new Exchange Certificate from Godaddy earlier this year. The new certificate is working just fine thanks to the Expert's help ( https://www.experts-exchange.com/questions/28998446/Is-adding-an-Internediate-Certificate-file-spc-p7b-required-when-installing-a-new-Digital-Certificate-on-an-Exchange-Server.html)
Now under the
Server Configuration- Exchange Certificates module, I have 2 objects. The expired certificate and the valid certificate.
I would prefer to remove any configurations that are no longer valid; but, since, I have never done this before, I am not sure if I can safely remove the old certificate
Without breaking anything. My question is, may I remove the old/expired certificate just as shown from the module shown above? Or will that break something in Exchange? Again I am assuming that since it is no longer in use, I should be OK but, I would rather be safe and ask than be sorry by being reckless.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello, I just noticed the last post. Sorry for the tardy response.
1. I logged on to the Exchange Server and opened: Internet Information Services manager.
2. I then navigated to the 'server certificates' section, under the IIS section.
3. I see both the expired certificate (top) and the current certificate (bottom); but, I do not see where to check services.
How can I check the services that are associated with this specific certificate in IIS?
1. I logged on to the Exchange Server and opened: Internet Information Services manager.
2. I then navigated to the 'server certificates' section, under the IIS section.
3. I see both the expired certificate (top) and the current certificate (bottom); but, I do not see where to check services.
How can I check the services that are associated with this specific certificate in IIS?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
As you can tell, I know enough to be very dangerous in Exchange and IIS Server. I still do not see any services associated with any specific certificate. Please see the screen shot.
I see services listed; but I do not see any ties to any specific certificate.
I see services listed; but I do not see any ties to any specific certificate.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Got it,
I do not see any services associated with the old expired certificate. I only see services in the IIS associated with the new certificate. Thank you for explaining to me how to verify the assigned services before I begin deleting things.
I do not see any services associated with the old expired certificate. I only see services in the IIS associated with the new certificate. Thank you for explaining to me how to verify the assigned services before I begin deleting things.
You are very welcome. :)
ASKER
I ran the commands that you guys suggested to see which services are assigned to each certificate. Each certificate does have their own unique thumbprint.
The expired cert has POP, IMAP, SMTP services assigned to it.
But the valid cert has POP, IMAP, IIS, SMTP assigned to it.
I thought only 1 certificate can be active once you assign services to it. I thought that only 1 certificate can have services assigned to it on the Exchange server? We are not receiving any certificate errors or warnings from Outlook. I think it would be best to ask before I start clicking.
Tom Cieslik, how can I see if the IIS is still bound to the old certificate? I do not nee IIS associated with the old expired certificate (From GUI or powershell commands). To me that is proof enough. How else can we verifiy?