locked
Removal of Exchange 2010 Certificates RRS feed

  • Question

  • I inherited an Exchange 2010 Server and am trying to figure out exactly which certificates I need on the server and which ones I can remove.

    We recently purchased a SAN certificate that has all the correct FQDN and servers listed, BUT there are several certificates still on the servers that I would love to remove if I can.

    List of certificates on Exchange Server:

    • Self signed Root certificate (would like to remove if possible.)
    • Certificate with no name issued by our internal CA (would like to remove if possible)
    • WildCard Cert. (This was replaced by the SAN Cert, would like to remove if possible)
    • SAN Cert.

    Does anyone have any suggestion on how to determine if any of these certs are actually needed? If they are not, I would love to remove them.

    Wednesday, June 6, 2012 12:49 PM

Answers

  • Hello,

    In Exchange, certificate can be enabled for IIS, SMTP, POP and IMAP services. You can include all the necessary host names in one SAN certificate and only enable it on all the services.

    So, if you make sure your new certificate includes all the necessary host names, you can remove the others.

    Thanks,

    Simon

    • Marked as answer by netlander Wednesday, June 13, 2012 2:30 PM
    Thursday, June 7, 2012 5:19 AM

All replies

  • Run this command post the result

    Get-ExchangeCertificates
    Get-ExchangeCertificates |fl


    Gulab Prasad,
    gulab@exchangeranger.com
    My Blog | Z-Hire Employee Provisioning App

    Wednesday, June 6, 2012 12:53 PM
  • Hello,

    In Exchange, certificate can be enabled for IIS, SMTP, POP and IMAP services. You can include all the necessary host names in one SAN certificate and only enable it on all the services.

    So, if you make sure your new certificate includes all the necessary host names, you can remove the others.

    Thanks,

    Simon

    • Marked as answer by netlander Wednesday, June 13, 2012 2:30 PM
    Thursday, June 7, 2012 5:19 AM