The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
Exchange Self-Signed Certificate Question
deathnote666
Registered User regular
Registered User regular
We're updating to a new server, exchange soon but this is to tide us over until then.
Exchange 2007, Server 2008
I'm trying to replace an expired self-signed certificate. All I've found so far is using the exchange powershell and I don't have much experience in that.
http://www.ncol.net/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/
On step 2, the one it wants me to overwrite isn't the expired self-signed cert. but a different one that I am not sure what it is.
Suggestions? Is there a method that doesn't use powershell?
Thanks.
Exchange 2007, Server 2008
I'm trying to replace an expired self-signed certificate. All I've found so far is using the exchange powershell and I don't have much experience in that.
http://www.ncol.net/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/
On step 2, the one it wants me to overwrite isn't the expired self-signed cert. but a different one that I am not sure what it is.
Suggestions? Is there a method that doesn't use powershell?
Thanks.
0
Posts
There are third-party tools available but I haven't used them so I can't vouch. The official way is to use Powershell.
It sounds like you have more than one certificate installed in Exchange. Perform the following Powershell command to list all the SSL certificates that Exchange is using:
That will output something like this for each certificate:
Pay close attention to the line that says "Services." That tells you which protocols that Exchange is using the certificate for.
the "no true scotch man" fallacy.
The one that it wants to overwrite has services managed by the other expired certificate.
Does there only need to be 1 certification per protocol/service or can each certificate manage different aspects of each service? Don't want to overwrite one and lose OWA capability, for example.
I'm new when it comes to certifications, cmdlets sorry.
Each service can only be bound to one certificate.
In other words, if the output of that cmdlet says that a certificate is bound to SMTP, then you can be sure that SMTP is only using that certificate.
the "no true scotch man" fallacy.
Certificate 1: SMTP
Certificate 2: SMTP, POP, IMAP (the one that the cmdlet wants to overwrite)
Certificate 3: SMTP, POP, IMAP, IIS (the expired self-signed one that I want to replace)
If I delete one, will another take it's place on that protocol?
Are all three certificates self-signed?
the "no true scotch man" fallacy.
Certificate 2,3: as far as I know, they are self-signed, both expired.
It's possible the first one was self-signed before the server was named and what I am looking at is a default server name (probably not though since the name can't be changed after exchange is installed I think).