About 2 exchange certificates

Hey Experts,
I have inherited a small business customer who's only server is a SBS2011 (25clients).
The SBS on premise exchange server is heavily used, and as it has been some time I've still had to maintain an exchange 2010 I've lost a bit of knowledge about these inhouse mailservers.
I've noticed 2 warning events popping up from eventvwr with eventid 26: exchange web services, informing me that 2 exchange certificates will be expiring soon.
When I check the services they are used for, it says they are used for nothing. (check attachment)
I'm someone who likes this to be as clean as possible, so can I just delete these?
Or will I need to renew? And if so, whatfor?
Please advise!
Kind regards,
Kim
expertsexchange.jpg
Kim Van RymenantIT System EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Wayne88Commented:
The certs that are not attached to any service are safe to delete.  Certs that are attached will have service names displayed as shown here:

https://filedb.experts-exchange.com/incoming/2017/03_w09/1148704/Server-certificate-list.jpg

Are those all the certs you have installed on the SBS?  Do you have any valid certs for OWA (IIS), Exchange?

Can you open up Exchange PowerShell and do "Get-ExchangeCertificate" to see all the certificates prior to deleting them.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
my two cents

dont use self signed certs use Godaddy or competitor level wildcard certs and SSL your exchange EWS urls autodiscover etc from the one wildcard cert.

self signeds are for cowboys in my opinion. #1
0
Kim Van RymenantIT System EngineerAuthor Commented:
Dear Wayne88,
There are no known services attached to the certificates, as shown in the screenshot.
experts.jpgThe Get-ExchangeCertificate
experts2.jpgI guess I can safely delete, as apparently there's only one used?
Please confirm?
Kind regards,
Kim
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Wayne88Commented:
Hi Kim,

One last check is to ensure that the thumbprint on the two certificates (which I cannot see from the pics provided) does not end with 842D1B as shown in the second pic above is binded to a service.  If they don't have the same thumbprint then you are good to delete them.

Regards,

Wayne
0
Kim Van RymenantIT System EngineerAuthor Commented:
I just checked and, no they don't end with that thumbprint.
Can I assume that it was my predecessor messing around trying to create a self-signed cert, having issues with the owa IIS not willing to cooperate (certification errors popping up), and that the decision was made to get an external authority to provide a valid certificate?
0
Wayne88Commented:
Yes a number of assumptions can be made.  Regardless we know that those certs are:

1.  Not attached to a service
2.  Will expire in less than 2 weeks

Regardless, if they were used they will need to be renewed anyways (you will need to create another self-signed cert.).  They are safe to delete.
0
Kim Van RymenantIT System EngineerAuthor Commented:
Dear Wayne88,
thanks for the helpful replies.
I'll delete the certificates this week, and keep you informed!
0
Wayne88Commented:
Hi Kim, sure and keep us updated.  Thanks for getting back.
0
Kim Van RymenantIT System EngineerAuthor Commented:
Dear Wayne88,
exchange certificates deleted, no issues came up.
Thanks for the confirmation!
Kudos to you!
Greetings!
Kim
0
Wayne88Commented:
You're welcome Kim and thanks for getting back! Cheers!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.