
Exchange Self-Signed Certificate Question

deathnote666 Registered User regular
We're updating to a new server and Exchange soon, but this is to tide us over until then.

Exchange 2007, Server 2008

I'm trying to replace an expired self-signed certificate. All I've found so far is using the Exchange PowerShell, and I don't have much experience in that.

http://www.ncol.net/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/

On step 2, the one it wants me to overwrite isn't the expired self-signed cert but a different one, and I am not sure what it is.

Suggestions? Is there a method that doesn't use PowerShell?

Thanks.


  • Feral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ Registered User regular
    There are no native GUI tools in Exchange 2007 to manage certificates. Certificate management through the GUI was a feature added in Exchange 2010.

    There are third-party tools available but I haven't used them so I can't vouch. The official way is to use PowerShell.

    It sounds like you have more than one certificate installed in Exchange. Run the following PowerShell command to list all the SSL certificates that Exchange is using:
    Get-ExchangeCertificate -server Servername | fl
    

    That will output something like this for each certificate:

    [Image: sample Get-ExchangeCertificate output]

    Pay close attention to the line that says "Services." That tells you which protocols Exchange is using the certificate for.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • deathnote666 Registered User regular
    edited December 2016
    Thanks for the reply.

    The one that it wants to overwrite has services managed by the other expired certificate.

    Does there only need to be 1 certificate per protocol/service, or can each certificate manage different aspects of each service? Don't want to overwrite one and lose OWA capability, for example.

    I'm new when it comes to certificates and cmdlets, sorry.

  • Feral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ Registered User regular
    Each certificate can be bound to multiple services.

    Each service can only be bound to one certificate.

    In other words, if the output of that cmdlet says that a certificate is bound to SMTP, then you can be sure that SMTP is only using that certificate.

  • deathnote666 Registered User regular
    My situation:
    Certificate 1: SMTP
    Certificate 2: SMTP, POP, IMAP (the one that the cmdlet wants to overwrite)
    Certificate 3: SMTP, POP, IMAP, IIS (the expired self-signed one that I want to replace)

    If I delete one, will another take its place on that protocol?

  • Feral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ Registered User regular
    Well, I guess I was wrong about each service only being bound to one certificate.

    Are all three certificates self-signed?

  • deathnote666 Registered User regular
    Certificate 1: as far as I know, it is not self-signed, not expired.
    Certificates 2, 3: as far as I know, they are self-signed, both expired.

    It's possible the first one was self-signed before the server was named and what I am looking at is a default server name (probably not though, since the name can't be changed after Exchange is installed, I think).
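
The thread turns on three things per certificate: which services it lists, whether it is self-signed, and whether it has expired. The following is an added example, not posted by either participant, that builds on the Get-ExchangeCertificate command above to report all three and then groups the certificates by service. It assumes the Exchange Management Shell and the thread's placeholder server name `Servername`; it only reads certificate data and changes nothing.

```powershell
# Added example: read-only inventory of Exchange certificates.
# Run in the Exchange Management Shell. 'Servername' is the placeholder
# from the thread; replace it with the real server name.
$server = 'Servername'
$now    = Get-Date
$certs  = @(Get-ExchangeCertificate -Server $server)

# One record per certificate: identity, self-signed flag, expiry, services.
$certs | Select-Object Thumbprint, Subject, IsSelfSigned, NotAfter,
    @{ Name = 'Expired';  Expression = { $_.NotAfter -lt $now } },
    @{ Name = 'Services'; Expression = { $_.Services.ToString() } } |
    Format-List

# Invert the view: for each service, collect every certificate that lists it.
# Services is a flags value, so its string form is a comma-separated list.
$byService = @{}
foreach ($cert in $certs) {
    foreach ($svc in $cert.Services.ToString().Split(',')) {
        $name = $svc.Trim()
        if ($name -eq '' -or $name -eq 'None') { continue }
        if (-not $byService.ContainsKey($name)) { $byService[$name] = @() }
        $byService[$name] += $cert
    }
}

foreach ($name in ($byService.Keys | Sort-Object)) {
    Write-Host ""
    Write-Host "== $name =="
    foreach ($cert in ($byService[$name] | Sort-Object NotAfter -Descending)) {
        $state = 'valid'
        if ($cert.NotAfter -lt $now) { $state = 'EXPIRED' }
        $kind = 'CA-issued'
        if ($cert.IsSelfSigned) { $kind = 'self-signed' }
        Write-Host ("  {0}  {1,-11}  {2,-7}  expires {3:yyyy-MM-dd}" -f `
            $cert.Thumbprint, $kind, $state, $cert.NotAfter)
    }
    # Flag a service whose listed certificates have all expired, since
    # removing or replacing a certificate there needs the most care.
    $unexpired = @($byService[$name] | Where-Object { $_.NotAfter -gt $now })
    if ($unexpired.Count -eq 0) {
        Write-Warning "$name has no unexpired certificate listed."
    }
}
```

Record the thumbprint of each certificate before replacing or removing anything, so the one being acted on is identified by thumbprint rather than by its position in the list.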
