troubleshooting Question
Some questions about certificates on an SBS 2011 standard server. Which are needed? Which should be deleted?
asked on
On an SBS 2011 standard server, I was having problems getting a new user working on ios (but outlook 2016 worked fine and other existing users set up fine on the phone)..
I started playing with the microsoft connectivity tester and it was failing with certificate errors.
Troubleshooting some error numbers, I see pages talking about checking the certificates.
Looking in the certificate snap in, there's this user and this machine choices. looking in there, there's LOADS of certs. some expired. some YEARS away from expiration (affirm Trust Premium ECC with exp 12/31/2040 is the farthest out in trusted root certs), there's trusted root cert authories, third party trusted root certs. 'all' we use the server for is exchange and file server. Yeah, I use server/remote and server/owa... the users don't.
Can I blindly delete the expired certs (some I think are self signed) we do have a comodo cert that expires in 1 1/2 years. There were godaddy certs - I think we had that before the comodo. and other certs from companies I don't know about. They come with the server? (again it's SBS 2011).
And there's untrusted certs like diginotar Root CA G2 expiring in 2029).
Is there a list of what I can / should delete or keep? Just to reduce clutter? I just know about the comodo cert we bought. these others? No clue.
THere's a */EFGO.GOV.TR cert expiring in 2021. We are a US based company / don't do anything with other countries... ok, I see something about google / fruadulent certs and I can / should delete that one?
Do I just google each one to see what I find? Is there a way to delete all except the comodo and import a current / clean set of trusted root cert authority cert?
THANKS!
I started playing with the microsoft connectivity tester and it was failing with certificate errors.
Troubleshooting some error numbers, I see pages talking about checking the certificates.
Looking in the certificate snap in, there's this user and this machine choices. looking in there, there's LOADS of certs. some expired. some YEARS away from expiration (affirm Trust Premium ECC with exp 12/31/2040 is the farthest out in trusted root certs), there's trusted root cert authories, third party trusted root certs. 'all' we use the server for is exchange and file server. Yeah, I use server/remote and server/owa... the users don't.
Can I blindly delete the expired certs (some I think are self signed) we do have a comodo cert that expires in 1 1/2 years. There were godaddy certs - I think we had that before the comodo. and other certs from companies I don't know about. They come with the server? (again it's SBS 2011).
And there's untrusted certs like diginotar Root CA G2 expiring in 2029).
Is there a list of what I can / should delete or keep? Just to reduce clutter? I just know about the comodo cert we bought. these others? No clue.
THere's a */EFGO.GOV.TR cert expiring in 2021. We are a US based company / don't do anything with other countries... ok, I see something about google / fruadulent certs and I can / should delete that one?
Do I just google each one to see what I find? Is there a way to delete all except the comodo and import a current / clean set of trusted root cert authority cert?
THANKS!
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.