0

I have a certificate for Exchange 2016 expiring in the next couple of months and I have downloaded the new cert. I can go through the steps here to renew the cert, but why couldn't I just upload the new cert and assign the roles to it, which seems a far simpler process? Is there any downside to that?

Zombian

2 Answers

1

Nope. In fact, new certs (and new keys!) are the better/more secure option; just make sure you have the same SANs. Renewals simply reduce the option for user error.

Jacob Evans
  • Thanks for the answer. Should I remove the old one or let it expire? – Zombian May 19 '20 at 16:26
  • Remove/purge it after it expires; if that private key is lost, anyone with old pcaps of your network traffic could recover data. Also, hopefully you generated your private key on the server where you need it, and did not use a 3rd-party utility to provide you with a private key which has touched multiple systems. – Jacob Evans May 20 '20 at 13:30
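
The import-and-assign route from the question, with the SAN check this answer asks for, as an added example that is not part of the original posts. It assumes the new certificate is a PFX that includes its private key and that the commands run in the Exchange Management Shell; the thumbprint and file path are placeholders.

```powershell
# Added example (not from the original thread).
# Placeholders: replace with the expiring certificate's thumbprint and your PFX path.
$OldThumbprint = '<THUMBPRINT-OF-EXPIRING-CERT>'
$PfxPath       = 'C:\certs\new-cert.pfx'

# Read the expiring certificate so its SANs and service bindings can be compared.
$old = Get-ExchangeCertificate -Thumbprint $OldThumbprint

# Import the new certificate and key; the password is prompted for, never hard-coded.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$new = Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes($PfxPath)) `
                                  -Password $pfxPassword

# A certificate without its private key cannot be bound to any service.
if (-not $new.HasPrivateKey) {
    throw "Imported certificate $($new.Thumbprint) has no private key."
}

# Every SAN on the old certificate must also be on the new one,
# otherwise clients using the missing name will get certificate errors.
$oldSans = @($old.CertificateDomains | ForEach-Object { $_.ToString().ToLowerInvariant() })
$newSans = @($new.CertificateDomains | ForEach-Object { $_.ToString().ToLowerInvariant() })
$missing = @($oldSans | Where-Object { $newSans -notcontains $_ })
if ($missing.Count -gt 0) {
    throw "New certificate is missing SANs: $($missing -join ', ')"
}

# Assign the same services the old certificate carries (for example "IIS, SMTP").
# Exchange prompts before replacing the default SMTP certificate.
$services = $old.Services.ToString()
Write-Host "Old certificate services: $services"
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $services

# Confirm the bindings and expiry dates of both certificates side by side.
Get-ExchangeCertificate |
    Where-Object { $_.Thumbprint -in @($old.Thumbprint, $new.Thumbprint) } |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter

# Later, once the old certificate has expired and is no longer needed:
# Remove-ExchangeCertificate -Thumbprint $OldThumbprint
```
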
0

According to Paul Cunningham's documentation "How to Remove an SSL Certificate from Exchange Server 2013", if you're not 100% sure you don’t need the certificate any more, you'd better not remove the expired certificate, because the removal of the cert may cause some accidents. Besides, if the new certs cause some issues, you could troubleshoot them by referring to the configurations of the expired certificate.

Ivan_Wang