Some questions about certificates on an SBS 2011 standard server. Which are needed? Which should be deleted?
On an SBS 2011 standard server, I was having problems getting a new user working on ios (but outlook 2016 worked fine and other existing users set up fine on the phone)..
I started playing with the microsoft connectivity tester and it was failing with certificate errors.
Troubleshooting some error numbers, I see pages talking about checking the certificates.
Looking in the certificate snap in, there's this user and this machine choices. looking in there, there's LOADS of certs. some expired. some YEARS away from expiration (affirm Trust Premium ECC with exp 12/31/2040 is the farthest out in trusted root certs), there's trusted root cert authories, third party trusted root certs. 'all' we use the server for is exchange and file server. Yeah, I use server/remote and server/owa... the users don't.
Can I blindly delete the expired certs (some I think are self signed) we do have a comodo cert that expires in 1 1/2 years. There were godaddy certs - I think we had that before the comodo. and other certs from companies I don't know about. They come with the server? (again it's SBS 2011).
And there's untrusted certs like diginotar Root CA G2 expiring in 2029).
Is there a list of what I can / should delete or keep? Just to reduce clutter? I just know about the comodo cert we bought. these others? No clue.
THere's a */EFGO.GOV.TR cert expiring in 2021. We are a US based company / don't do anything with other countries... ok, I see something about google / fruadulent certs and I can / should delete that one?
Do I just google each one to see what I find? Is there a way to delete all except the comodo and import a current / clean set of trusted root cert authority cert?
THANKS!
I started playing with the microsoft connectivity tester and it was failing with certificate errors.
Troubleshooting some error numbers, I see pages talking about checking the certificates.
Looking in the certificate snap in, there's this user and this machine choices. looking in there, there's LOADS of certs. some expired. some YEARS away from expiration (affirm Trust Premium ECC with exp 12/31/2040 is the farthest out in trusted root certs), there's trusted root cert authories, third party trusted root certs. 'all' we use the server for is exchange and file server. Yeah, I use server/remote and server/owa... the users don't.
Can I blindly delete the expired certs (some I think are self signed) we do have a comodo cert that expires in 1 1/2 years. There were godaddy certs - I think we had that before the comodo. and other certs from companies I don't know about. They come with the server? (again it's SBS 2011).
And there's untrusted certs like diginotar Root CA G2 expiring in 2029).
Is there a list of what I can / should delete or keep? Just to reduce clutter? I just know about the comodo cert we bought. these others? No clue.
THere's a */EFGO.GOV.TR cert expiring in 2021. We are a US based company / don't do anything with other countries... ok, I see something about google / fruadulent certs and I can / should delete that one?
Do I just google each one to see what I find? Is there a way to delete all except the comodo and import a current / clean set of trusted root cert authority cert?
THANKS!
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Don't forget there are 2 certificate stores -- machine and the per user store. Since you obviously are not familiar with the certificates and certificate stores my suggestion is to not fiddle with them.
We are a US based company / don't do anything with other countries You don't have customers worldwide? You have absolutely no control over other sites and where they source their certificates they could have got a really good price from the hong kong post office CA
We are a US based company / don't do anything with other countries You don't have customers worldwide? You have absolutely no control over other sites and where they source their certificates they could have got a really good price from the hong kong post office CA
David: I'd rather not fiddle with them - a little knowledge is dangerous... But for troubleshooting email cert issues, being obsessive, and wanting (needing) to learn things, I feel I need to deal with this.
Sajid: Right click the certificate you’d like to remove and click delete
thoughts on which other than expired ones that I should keep /delete? I guess I should list them / screen capture and see if anyoine here sees glaring red flags / ones I should make sure not to touch.
Sajid: Right click the certificate you’d like to remove and click delete
thoughts on which other than expired ones that I should keep /delete? I guess I should list them / screen capture and see if anyoine here sees glaring red flags / ones I should make sure not to touch.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
to delete the old/expired certificate -
1) Start - run - MMC - select add snap-in - select certificates - Select local computer
2) Expand Certificates, expand Personal, click ‘Certificates’ inside Personal
3) Right click the certificate you’d like to remove and click delete
check this useful article as well
https://blogs.technet.microsoft.com/sbs/2008/10/03/receiving-certificate-errors-when-connecting-to-clientsservers-with-ts-gateway-or-remote-web-workplace-on-sbs-2008/
all the best