Hi RayHell,

Don't remove the old ones, you need to just assign services to the new one.

Follow this guide:

9.Now, to enable your certificate for use, go back to the Certificates section of the Exchange Admin Center, highlight the certificate you want to use and click the edit button.

 

10.Click the Services option on the left side.

11.Select the services for which you would like to enable your new certificate, click Save.

 

https://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

Hi all,

Exchange 2013_CU9 With multiple older/expired SMTP-enabled SAN certs installed, New wildcard cert was installed and SMTP-enabled before the old ones expired. When the old ones expired, I started to get

"There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of Mail1.domain com The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of MAIL1.domain.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task."

Why? Should I remove all the old ones With "Date invalid" to get rid of this? And how can I do this without something breaking here?

Thanks.

• Edited by RayHell Monday, September 14, 2015 7:10 AM

Since you've assigned the wildcard cert to SMTP, I'm guessing that that Exchange is preferring to try and use the older expired certs that are specific to that name over of the wildcard cert. However, it's just an educated guess.

I would remove the expired certs since they're not useful to you at this point anyway. If you want to be really paranoid/cautious, you can export them first.

Generally, I remove certs when they are expired to clean things up. And if they're expired, why keep them around.

Thanks, that fixed it.