locked
how to remove expaired SSL certificate from exchange 2010 server RRS feed

  • Question

  • We have exchange 2010 exchange server.  We have installed digicert for 3 years. But our expired certificate not removes till now. So can I remove old expired certificate from both exchange DAG system > server configuration?

    our exchange cannot connect from outside. but few days ago its working.

    Event viewer show message

    Certificate for local system with Thumbprint 3f ac 9c 9a ac 0d 90 1a 99 e2 a1 f5 93 b0 f1 4a 25 24 da d7 is about to expire or already expired.

     

     

     

     

     

     


    • Edited by Qamrul2001 Sunday, December 1, 2013 5:00 PM
    Sunday, December 1, 2013 4:37 PM

Answers

  • Yes you can right click on your expired SSL Digicert certificate and remove it in the Exchange management console or Exchange shell.

    Make sure to assign your new SSL Certificate to all services you wish before removing the old one. (Digicert has a great "How To" article on this topic)

    My best practice is to have the year in the friendly certificate name so when I delete the expired ssl cert I am 100% certain I know which one I am deleting.

    • Marked as answer by Qamrul2001 Wednesday, December 4, 2013 10:29 AM
    Sunday, December 1, 2013 5:08 PM

All replies

  • did you assign all services to new SSL certificate?

    Then why you want to delete certificate?

    did you try to remove old certificate?
    Sunday, December 1, 2013 4:56 PM
  • Yes you can right click on your expired SSL Digicert certificate and remove it in the Exchange management console or Exchange shell.

    Make sure to assign your new SSL Certificate to all services you wish before removing the old one. (Digicert has a great "How To" article on this topic)

    My best practice is to have the year in the friendly certificate name so when I delete the expired ssl cert I am 100% certain I know which one I am deleting.

    • Marked as answer by Qamrul2001 Wednesday, December 4, 2013 10:29 AM
    Sunday, December 1, 2013 5:08 PM
  • In Exchange powershell:

    Enable-ExchangeCertificate -Thumbprint "your certificate for exchange" -Services IMAP,POP,IIS,SMTP

    You can find thumbprint in the properties of your certificate.

    after new cert been set as default you can delete the old one


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work


    • Edited by Off2work Sunday, December 1, 2013 5:45 PM text added
    Sunday, December 1, 2013 5:30 PM
  • Hi,

    Please refer to the following article:

    http://www.techieshelp.com/how-to-remove-an-expired-exchange-2007-certificate-and-create-a-new-certificate/

    Hope this helps

    Thanks.

    Note:

    Microsoft is providing this information as a convenience to you.

    The sites are not controlled by Microsoft.

    Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.

    Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Niko Cheng
    TechNet Community Support

    Monday, December 2, 2013 8:31 AM