Removing default certificate
-
Mittwoch, 20. Juni 2007 23:21
I have an Exchange 2007 setup, which includes 2 CAS/HT boxes, using NLB.
I have run new-exchangecertificate on the first server (CAS1) and used the cert request to generate a cert from an external CA. This has been imported and enabled on that server, and everything works fine.
The second server (CAS2) is a different story. During testing, I ran new-exchangecertificate and used the cert request to generate a cert from my internal CA. This was imported and installed. As I moved closer to putting it all into production, I exported the externally-generated cert from CAS1 and installed and enabled it on CAS2.
This worked fine for some time, however I am now getting SmtpSend and SmtpReceive warnings in the applog on CAS2, telling me that the cert has expired. The thumbprint referenced in the applog is for the internally-generated cert. I made sure no services were assigned to it (using enable-exchangecertificate), and that SMTP (in particular) is assigned to the externally-generated cert.
I then used remove-exchangecertificate against the thumbprint of the internally-generated cert, only to receive an error stating that the default certificate cannot be removed.
The Exchange *.chm (and various online sources) say the way to solve this is to generate a new cert (using new-exchangecertificate), then remove the unwanted one. As I already have a cert I want to use, this is not the solution I am after.
Any ideas?
Alle Antworten
-
Mittwoch, 18. Juli 2007 09:51
I have a similar problem
Tried to set services SMTP to my default certificate as describede in several forums
But even though the command is accepted, smtp does not show up on the default certificate.
So created a new certificate and enablede the services POP IMAP WEB SMTP to the new certificate but still gets the warning "certicate has expired" (the default certificate) and its not possible to remove it.
How do i delete the default certificate and/or how do i enable smtp to the default certificate ?
I now installed two servers at two different sites same problem both places.
Would appriciate any kind of help
-
Sonntag, 29. Juli 2007 17:24
-
Start->Run, type "mmc", enter
-
File-> Add/Remove Snap-in...
-
Click Add, select "Certificates",Click Add again.
-
On Certificates Snap-in page, select "Computer account", click Next
-
Select "Local computer", click Finish
-
Click Close to close the add snap-in page.
-
Click OK.
-
On Console Root pane, expand Certificate (Local Computer)-> Personal -> Certificates, find your old internal cert, remove it.
-
In Exchange Management Shell, use Get-ExchangeCertificate to show your exchange certs, make sure the cert issued by internal CA has been removed.
Regards,
Randy Zhong
- Als Antwort vorgeschlagen Shawn Mortensen Samstag, 26. November 2011 13:44
-
-
Donnerstag, 9. Juni 2011 13:48Thanks for the information
-
Samstag, 26. November 2011 13:44Thank you Randy, many websites had a guess, but they didn't work, your did. Your help is appreciated!!
-
Dienstag, 20. Dezember 2011 13:25
Hi,
If you want to remove Certificate from Exchange Server. follow this steps
1) Get-exchangecertificate -thumbprint | fl ------- you will see which thumbprint is associated with which services.
2) Copy the thumbprint which you want to configure the services
3) Enable-exchangecertificate -thumbprint (paste the Thumbprint Value which u copied earlier) -services "iis,smtp,pop,imap"
4) It will overwrite your exiting certificate with this one
then you can perform above mention steps
Sushant
- Als Antwort vorgeschlagen sushantgharpure Dienstag, 20. Dezember 2011 13:26
.png)
.png)
