Exchange 2013 - Edited Certificate assigned, now can't delete old cert


  • Hi all,

    I posted a thread on here earlier this week where I was trying to understand autodiscover requirements on a cert. I got the assistance I needed and paid for our certificate to be edited to include When I tried to complete my pending cert request I kept getting errors about a thumbprint being in use when it actually wasn't. I had to do a certificate repair on it to get the private key back.

    Now I have my old cert and my new edited cert, both with IIS and SMTP assigned to them. All is working now using the new cert but I can't delete the old one now.

    I get the following message -  The internal transport certificate cannot be removed because that would cause the microsoft exchange transport service to stop. to replace the internal transport certificate, create a new certificate.

    I'm sure I've read that I just need to set my new cert as the default one or something similar. Can anyone advise me? I just want the old one gone and everything to be neat and tidy and to avoid confusion when it comes to renewal time.

    Hope you can advise, thanks

    Thursday, February 11, 2016 10:31 PM

All replies

  • Run this: get-exchangecertificate to list all of the certs. Make sure your new cert is listed and assigned to both IIS and SMTP.

    Once your new cert is assigned to both IIS and SMTP, try to remove the old cert again with:

    remove-exchangecertificate -thumbprint "xxxxxxxxxx"

    MCSE 2012

    Thursday, February 11, 2016 10:44 PM
  • You can also try to remove the cert via the MMC, then run get-exchangecertificate again, and if it's still listed, try remove-exchangecertificate -thumbprint "xxxxxxxxx" again.

    MCSE 2012

    Thursday, February 11, 2016 11:03 PM
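
The check-then-remove sequence from the replies above, as an added example that is not part of the original thread. Both thumbprints are placeholders, Test-ReplacementCertificate is a hypothetical helper, and the script assumes the Exchange Management Shell on the Exchange 2013 server.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange 2013 server.
# Both thumbprints are placeholders: copy the real values from Get-ExchangeCertificate.
$NewThumbprint = '<NEW-CERT-THUMBPRINT>'
$OldThumbprint = '<OLD-CERT-THUMBPRINT>'

# Hypothetical helper: returns a list of reasons the new cert is not ready (empty = ready).
function Test-ReplacementCertificate {
    param([Parameter(Mandatory)] $Certificate)
    $problems = @()
    # Services may come back as a flags enum or as text; compare it as text.
    $services = "$($Certificate.Services)"
    foreach ($svc in 'IIS', 'SMTP') {
        if ($services -notmatch "\b$svc\b") { $problems += "not assigned to $svc" }
    }
    # The question mentions a lost private key, so check for it explicitly.
    if (-not $Certificate.HasPrivateKey) { $problems += 'no private key' }
    if ("$($Certificate.Status)" -ne 'Valid') { $problems += "status is $($Certificate.Status)" }
    if ($Certificate.NotAfter -le (Get-Date)) { $problems += 'expired' }
    return $problems
}

# 1. List every certificate with the fields that matter for the swap.
Get-ExchangeCertificate |
    Format-Table Thumbprint, Services, Status, HasPrivateKey, NotAfter, Subject -AutoSize

# 2. Show which certificate the transport service currently uses internally.
Get-TransportService | Format-List Name, InternalTransportCertificateThumbprint

# 3. Remove the old certificate only if the new one passes every check.
$new = Get-ExchangeCertificate -Thumbprint $NewThumbprint
$problems = @(Test-ReplacementCertificate -Certificate $new)
if ($problems.Count -gt 0) {
    Write-Warning "New certificate is not ready: $($problems -join '; ')"
} else {
    # -WhatIf previews the removal; drop it once the preview looks right.
    Remove-ExchangeCertificate -Thumbprint $OldThumbprint -WhatIf
}
```

If step 2 still reports the old thumbprint, the removal will fail with the error quoted in the question.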