Please advise on these certs...
Hi Everyone, We have Exchange 2007 running on SBS 2008. I have a user in Outlook getting an error that a cert is expired and I have followed some instructions I found on the web to renew it, but I think it may have created new certs and still left the old ones too. The error in Outlook still persists. I used the command to show all the certs and this is what I get: I've substituted myemaildomain, myexchangeserver, and mydomain for the real values and removed the serialnumber/thumbprints in case these aren't things I should post. Do I have TOO many certs? Do I need to delete the old one that is still causing the error in Outlook? Is there someplace I need to change it to point to the replacement cert for it? Thanks, Alan AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {remote.myemaildomain.com, myemaildomain.com, myexchangeserver.mydomain.local} HasPrivateKey : True IsSelfSigned : True Issuer : CN=remote.myemaildomain.com NotAfter : 6/20/2013 1:56:45 PM NotBefore : 6/20/2012 1:56:45 PM PublicKeySize : 2048 RootCAType : None SerialNumber : ... Services : IMAP, POP, SMTP Status : Valid Subject : CN=remote.myemaildomain.com Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {Sites, myexchangeserver.mydomain.local} HasPrivateKey : True IsSelfSigned : True Issuer : CN=Sites NotAfter : 6/20/2013 1:55:40 PM NotBefore : 6/20/2012 1:55:40 PM PublicKeySize : 2048 RootCAType : None SerialNumber : ... Services : IMAP, POP, SMTP Status : Valid Subject : CN=Sites Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {remote.myemaildomain.com, myemaildomain.com, myexchangeserver.mydomain.local} HasPrivateKey : True IsSelfSigned : True Issuer : CN=remote.myemaildomain.com NotAfter : 6/20/2013 1:55:27 PM NotBefore : 6/20/2012 1:55:27 PM PublicKeySize : 2048 RootCAType : None SerialNumber : ... Services : IMAP, POP, SMTP Status : Valid Subject : CN=remote.myemaildomain.com Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {Sites, myexchangeserver.mydomain.local} HasPrivateKey : True IsSelfSigned : True Issuer : CN=Sites NotAfter : 6/11/2013 3:00:00 PM NotBefore : 6/11/2012 3:00:00 PM PublicKeySize : 2048 RootCAType : None SerialNumber : ... Services : IMAP, POP, SMTP Status : Valid Subject : CN=Sites Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {remote.myemaildomain.com, myemaildomain.com, myexchangeserver.mydomain.local} HasPrivateKey : True IsSelfSigned : True Issuer : CN=remote.myemaildomain.com NotAfter : 6/11/2013 2:59:30 PM NotBefore : 6/11/2012 2:59:30 PM PublicKeySize : 2048 RootCAType : None SerialNumber : ... Services : IMAP, POP, SMTP Status : Valid Subject : CN=remote.myemaildomain.com Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {myexchangeserver, myexchangeserver.mydomain.local} HasPrivateKey : True IsSelfSigned : True Issuer : CN=myexchangeserver NotAfter : 6/6/2013 8:06:24 AM NotBefore : 6/6/2012 8:06:24 AM PublicKeySize : 2048 RootCAType : None SerialNumber : ... Services : IMAP, POP, SMTP Status : Valid Subject : CN=myexchangeserver Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {myexchangeserver.mydomain.local} HasPrivateKey : True IsSelfSigned : False Issuer : CN=mydomain-myexchangeserver-CA NotAfter : 3/3/2013 4:10:58 PM NotBefore : 3/3/2012 4:10:58 PM PublicKeySize : 2048 RootCAType : Registry SerialNumber : ... Services : IMAP, POP, SMTP Status : Valid Subject : CN=myexchangeserver.mydomain.local Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {remote.myemaildomain.com, myemaildomain.com, myexchangeserver.mydomain.local} HasPrivateKey : True IsSelfSigned : False Issuer : CN=mydomain-myexchangeserver-CA NotAfter : 5/26/2012 7:30:37 PM NotBefore : 5/27/2010 7:30:37 PM PublicKeySize : 2048 RootCAType : Registry SerialNumber : ... Services : IMAP, POP, IIS, SMTP Status : DateInvalid Subject : CN=remote.myemaildomain.com Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule} CertificateDomains : {WMSvc-WIN-8GXF6BTT5EI} HasPrivateKey : True IsSelfSigned : True Issuer : CN=WMSvc-WIN-8GXF6BTT5EI NotAfter : 5/24/2020 2:44:58 PM NotBefore : 5/27/2010 2:44:58 PM PublicKeySize : 2048 RootCAType : Registry SerialNumber : ... Services : None Status : Valid Subject : CN=WMSvc-WIN-8GXF6BTT5EI Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {Sites, myexchangeserver.mydomain.local} HasPrivateKey : True IsSelfSigned : False Issuer : CN=mydomain-myexchangeserver-CA NotAfter : 5/26/2012 12:52:27 PM NotBefore : 5/27/2010 12:52:27 PM PublicKeySize : 2048 RootCAType : Registry SerialNumber : ... Services : IMAP, POP, SMTP Status : DateInvalid Subject : CN=Sites Thumbprint : ... AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule} CertificateDomains : {mydomain-myexchangeserver-CA} HasPrivateKey : True IsSelfSigned : True Issuer : CN=mydomain-myexchangeserver-CA NotAfter : 5/27/2015 1:01:45 PM NotBefore : 5/27/2010 12:51:46 PM PublicKeySize : 2048 RootCAType : Registry SerialNumber : ... Services : None Status : Valid Subject : CN=mydomain-myexchangeserver-CA Thumbprint : ...
June 20th, 2012 2:16pm

Are you using SBS? It looks like it from the list. I would suggest removing all of the certificates, then re-run the Internet Domain Name wizard in SBS management console. A new self signed certificate will be created. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
Free Windows Admin Tool Kit Click here and download it now
June 20th, 2012 5:30pm

Hi Simon, Thanks, I will give that a try. Alan
June 22nd, 2012 1:20pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics