none
Removing expired Exchange 2007 Certificates? RRS feed

  • Question

  • Hi,

    As the title suggests I'm running a 2007 Exchange server and while troubleshooting an issue I realized that there are a couple expired certificates still on this server. 

    Running Get-ExchangeCertificate | FL reveals a total of three certificates are installed.  One expired in 2014, another expired in September 2016 and the last one is valid until September of 2017.  Is it prudent to remove these old ones and if I do will this cause any issues with the current one?  Or can I simply ignore them like I apparently have for the last couple years?

    All the examples I've found online, the few I've looked at at least, demonstrate to remove the expired and then create the new one.  Last thing I want to do is break my server, does order of removal and install matter?

    Thanks in advance,

    Linn

    Wednesday, November 16, 2016 8:28 PM

All replies

  • Hi,

    Are the expired certificates self-signed certs?

    Generally, if you have assigned your new SSL Certificate to all required services you wish, you can remove the old one. 

    Or you can refer to the following command to renew the expired cert:

    Get-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxx | New-ExchangeCertificate

    In addition, I have found some related links for your reference:

    https://social.technet.microsoft.com/Forums/exchange/en-US/961bef25-6f08-4b72-a58a-3604a46862ff/expired-certificate-on-exchange-2007?forum=exchangesvradminlegacy

    http://www.techieshelp.com/how-to-remove-an-expired-exchange-2007-certificate-and-create-a-new-certificate/

    Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.



    Best Regards,
    David Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 17, 2016 3:09 AM
    Moderator
  • Hi,
    How about the issue? Are above replies helpful to you?


    Best Regards,
    David Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, November 23, 2016 7:36 AM
    Moderator
  • Sorry for the delayed response but I rarely get more than an hour or so to work on any given problem.

    To answer your question these are all Go Daddy signed certs and I do have a current, valid cert, expires in August 2017. 

    Through my own research I saw the command to remove certs using PowerShell.  I'm just wondering if it is safe to remove them or will I be pulling the rug out from under the current cert.

    Does it hurt anything having them there, can they interfere with any of Exchange's functions?

    Thanks,

    Linn

    Wednesday, November 23, 2016 8:41 PM
  • Hi,

    Yes, you can remove the expired certs as you have applied new third-party cert.
    Make sure you have assigned your new SSL Certificate to all required services you wish.



    Best Regards,
    David Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Thursday, November 24, 2016 3:17 AM
    Moderator
  • Hi,

    If the issue is resolved, please mark some helpful replies as answers, that will encourage people to take time out to help you. 
    Thanks for your collaboration.


    Best Regards,
    David Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 28, 2016 6:58 AM
    Moderator