Certificate expiring warning but the certificate was renewed and old removed


  • I renewed the CAS certificate with our internal CA but one of my CAS servers is still logging that the old certificate is going to expire.

    If I look in the EMC I do not see the old cert and if I use get-exchangecertificate | fl it is not listed there either.

    I've also tried remove-exchangecertificate OldThumbprint but get an error that says it doesn't exist.

    The only place I've found it (so far) is in the registry.

    HKLM\Software\Microsoft\SystemCertificates\MY\Certificates\Old Thumbprint

    HKLM\Software\Wow6432Node\Microsoft\SystemCertificates\MY\Certificates\Old Thumbprint

    any thoughts or help would be appreciated

    Thursday, April 20, 2017 1:03 PM

All replies

  • Have you properly assigned the services to the new certificate? And what do you see in the certificate MMC console?

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Thursday, April 20, 2017 1:13 PM
  • I have assigned the appropriate services to the new certificate.

    The only certificates I see in the MMC are the new one (after the renewal) and the selfsigned server certificate that has been there since install with no services assigned.

    Thursday, April 20, 2017 1:47 PM
  • And is the self signed one about to expire???



    Microsoft Senior Exchange PFE

    Blog:  Twitter:   LinkedIn:   Facebook:   XING:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, April 20, 2017 4:54 PM
  • No, the self signed in 2021. As I said the Thumbprint for the old CA certificate is not found when I run get-exchangecertificate | fl

    The only place I can find it is in the registry.

    Thursday, April 20, 2017 6:39 PM
  • Hi swinney,

    Try to reset IIS or reboot the CAS server to check if any helps.

    I also found a similar thread, it was due to a backup CAS server hadn't be corrected, it may give your some hints:

    Exchange CAS certificate expired and renewed but all Outlook client get old cert

    Best Regards,

    Niko Cheng
    TechNet Community Support

    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact

    Friday, April 21, 2017 9:13 AM