0

We use an Exchange 2010 SP3 environment (14.3.266.1).

We replaced a wildcard certificated with a new one before it expired, assigned the roles to the certificated in exchange (SMTP etc...) before removing the old certificate from Exchange on all servers.

We used the GUI to complete this operation. This was 2 months ago. All exchange servers have been restarted for new service packs since them.

Some users report getting a certificate popup warning of an expired certificate. I personally never came across this error and dismissed it foolishly as a transient issue that wouldn't return but in the following months since the previous certificate expiring we have had numerous reports of Security Alerts warning of the certificate expiration. The security alert shows the old expired certificate.

I ran a connection test on Outlook 2013 with the following result: enter image description here

How do I get rid of all traces of the certificate.

Cheers!

Community
  • 1
ZZ9
  • 888
  • 3
  • 16
  • 47
  • 1
    Please post the output of "Get-ExchangeCertificate" – Phil Nov 25 '15 at 17:01
  • Practically the answer right there @Phil – Jacob Evans Nov 25 '15 at 17:03
  • And use e.g. "Enable-ExchangeCertificate -server BLAH -Services IMAP, POP, IIS, SMTP -Thumbprint 87236487623487634..." – Phil Nov 25 '15 at 17:05
  • Hi, thanks for the suggestions. I did consider using powershell rather than the GUI to begin with. Following the initial occurrence of the problem I attempted to replicated what I had done in the GUI on powershell and essentially used the two commands @Phil mentions - to no avail – ZZ9 Nov 25 '15 at 17:23
  • FYI, the command doesn't show the old cert – ZZ9 Nov 25 '15 at 17:26
  • If you have removed the certificate from ALL Exchange servers (Computer account I presume not user account) then the only explanation I can think of is that you are using a reverse proxy / load balancer / SSL offloader that is providing that certificate. – Phil Nov 25 '15 at 17:26
  • try going to the URL in a brower and seeing what cert comes up. Also ping the FQDN and check the IP matches your exchange server – Phil Nov 25 '15 at 17:27

0 Answers0