About 2 exchange certificates

Kim Van Rymenant
Kim Van Rymenant used Ask the Experts™
on
Hey Experts,
I have inherited a small business customer who's only server is a SBS2011 (25clients).
The SBS on premise exchange server is heavily used, and as it has been some time I've still had to maintain an exchange 2010 I've lost a bit of knowledge about these inhouse mailservers.
I've noticed 2 warning events popping up from eventvwr with eventid 26: exchange web services, informing me that 2 exchange certificates will be expiring soon.
When I check the services they are used for, it says they are used for nothing. (check attachment)
I'm someone who likes this to be as clean as possible, so can I just delete these?
Or will I need to renew? And if so, whatfor?
Please advise!
Kind regards,
Kim
expertsexchange.jpg
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2015
Commented:
The certs that are not attached to any service are safe to delete.  Certs that are attached will have service names displayed as shown here:

https://filedb.experts-exchange.com/incoming/2017/03_w09/1148704/Server-certificate-list.jpg

Are those all the certs you have installed on the SBS?  Do you have any valid certs for OWA (IIS), Exchange?

Can you open up Exchange PowerShell and do "Get-ExchangeCertificate" to see all the certificates prior to deleting them.
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1

Commented:
my two cents

dont use self signed certs use Godaddy or competitor level wildcard certs and SSL your exchange EWS urls autodiscover etc from the one wildcard cert.

self signeds are for cowboys in my opinion. #1
Kim Van RymenantIT System Engineer

Author

Commented:
Dear Wayne88,
There are no known services attached to the certificates, as shown in the screenshot.
experts.jpgThe Get-ExchangeCertificate
experts2.jpgI guess I can safely delete, as apparently there's only one used?
Please confirm?
Kind regards,
Kim
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Top Expert 2015
Commented:
Hi Kim,

One last check is to ensure that the thumbprint on the two certificates (which I cannot see from the pics provided) does not end with 842D1B as shown in the second pic above is binded to a service.  If they don't have the same thumbprint then you are good to delete them.

Regards,

Wayne
Kim Van RymenantIT System Engineer

Author

Commented:
I just checked and, no they don't end with that thumbprint.
Can I assume that it was my predecessor messing around trying to create a self-signed cert, having issues with the owa IIS not willing to cooperate (certification errors popping up), and that the decision was made to get an external authority to provide a valid certificate?
Top Expert 2015
Commented:
Yes a number of assumptions can be made.  Regardless we know that those certs are:

1.  Not attached to a service
2.  Will expire in less than 2 weeks

Regardless, if they were used they will need to be renewed anyways (you will need to create another self-signed cert.).  They are safe to delete.
Kim Van RymenantIT System Engineer

Author

Commented:
Dear Wayne88,
thanks for the helpful replies.
I'll delete the certificates this week, and keep you informed!
Top Expert 2015

Commented:
Hi Kim, sure and keep us updated.  Thanks for getting back.
Kim Van RymenantIT System Engineer

Author

Commented:
Dear Wayne88,
exchange certificates deleted, no issues came up.
Thanks for the confirmation!
Kudos to you!
Greetings!
Kim
Top Expert 2015

Commented:
You're welcome Kim and thanks for getting back! Cheers!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial