STARTTLS certificate will expire soon
Hello,

It has been almost 1 year since I first installed my Exchange 2007 server. Recently it has been giving me the following warning for one of our certificates:

The STARTTLS certificate will expire soon: subject: EXCHANGE07.DOMAIN.COM, hours remaining: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX95F5. Run the New-ExchangeCertificate cmdlet to create a new certificate.

This certificate is actually the self-signed one that Exchange installs by default. We are not using this for anything that I'm aware of, because we did purchase a SAN certificate that we are using and it doesn't expire for another 2 years.

When I run Get-ExchangeCertificate | FL Thumbprint, Services, IsSelfSigned, I get 3 results. From the results it looks like the certificate in question is being used, but I don't know for sure.

Thumbprint   : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Services     : IMAP, POP, IIS, SMTP
IsSelfSigned : False

Thumbprint   : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Services     : None
IsSelfSigned : True

Thumbprint   : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx95F5
Services     : SMTP
IsSelfSigned : True

Do I really need to renew this certificate, or can I just remove the SMTP service from it and be done with it?

If I do need to renew the certificate, is this the correct PS syntax:
Get-ExchangeCertificate -thumbprint "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx95F5" | New-ExchangeCertificate

If I just need to remove the self-signed certificate, is this the correct PS syntax:
Enable-ExchangeCertificate -thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx95F5 -Services SMTP

Thanks in advance for any help.

Mike
July 13th, 2009 5:08pm
If you don't use the self-signed certificate then you can remove it; however, the procedure looks perfect to renew a self-signed certificate...

Exchange Server 2007: Renewing the self-signed certificate
http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html

Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
July 13th, 2009 7:08pm
During the certificate selection, if more than one valid certificate is found, Exchange selects a certificate based on the following criteria:
1. The value in the NotBefore field: Exchange selects the newest valid certificate.
2. Certificates issued by a trusted CA vs. self-signed certificates: Exchange selects certificates issued by a trusted CA over self-signed certificates.
In most cases, Exchange selects a certificate issued by a trusted CA over a self-signed certificate regardless of the age of the certificate. If a valid certificate is not found, STARTTLS is not advertised.
-----------
Refer to <Certificate Use in Exchange Server 2007>

So, per my knowledge, we shall remove the old self-signed certificate.

Resources:
Remove-ExchangeCertificate
Replacing the Exchange 2007 Self-Signed Certificate
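The two answers above amount to a short decision procedure: confirm that a CA-issued certificate already serves SMTP for the connector FQDN, and if so remove the expiring self-signed certificate; otherwise renew it with the pipeline the original post proposed. The following Exchange Management Shell script is an added example written for this thread, not code from either poster or from Microsoft. The thumbprint is a placeholder, and the 30-day warning threshold is an assumption; the cmdlets and property names (Get-ExchangeCertificate, Get-ReceiveConnector, CertificateDomains, Fqdn, Remove-ExchangeCertificate, New-ExchangeCertificate) are standard Exchange 2007 ones.

```powershell
# Added example for this thread (not the poster's or Microsoft's code).
# Run in the Exchange 2007 Management Shell on the affected server.
$expiringThumbprint = '<THUMBPRINT-ENDING-95F5>'   # placeholder, not a real value
$warnDays = 30                                     # assumed warning threshold

# 1. Inventory: which services each certificate is bound to and how long it has left.
Get-ExchangeCertificate | Sort-Object NotAfter |
    Select-Object Thumbprint, IsSelfSigned, Services, NotAfter,
        @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - (Get-Date)).TotalDays } },
        @{ Name = 'Domains';  Expression = { ($_.CertificateDomains | ForEach-Object { "$_" }) -join ', ' } } |
    Format-Table -AutoSize

# Self-signed certificates that still have services bound and are inside the threshold
# are the ones the "STARTTLS certificate will expire soon" event is about.
$expiringSelfSigned = Get-ExchangeCertificate | Where-Object {
    $_.IsSelfSigned -and
    "$($_.Services)" -ne 'None' -and
    ($_.NotAfter - (Get-Date)).TotalDays -lt $warnDays
}
$expiringSelfSigned | Format-List Thumbprint, Services, NotAfter

# 2. Decide: is there a CA-issued certificate that already serves SMTP? Exchange
#    prefers a trusted-CA certificate over a self-signed one, but only among
#    certificates whose domain names match the FQDN the Receive connector presents.
$caSmtpCerts = Get-ExchangeCertificate |
    Where-Object { -not $_.IsSelfSigned -and "$($_.Services)" -match 'SMTP' }
$connectorFqdns = Get-ReceiveConnector | ForEach-Object { "$($_.Fqdn)" } | Sort-Object -Unique

foreach ($cert in $caSmtpCerts) {
    $domains = $cert.CertificateDomains | ForEach-Object { "$_" }
    foreach ($fqdn in $connectorFqdns) {
        # Exact-name match only; a wildcard entry would need its own comparison.
        '{0} covers connector FQDN {1}: {2}' -f $cert.Thumbprint, $fqdn, ($domains -contains $fqdn)
    }
}

# 3a. If a CA certificate covers SMTP for every connector FQDN, the self-signed one
#     is not needed for STARTTLS and can be removed. -WhatIf previews the change;
#     drop it (and confirm) once the output above looks right.
Remove-ExchangeCertificate -Thumbprint $expiringThumbprint -WhatIf

# 3b. Otherwise renew it: piping the old certificate into New-ExchangeCertificate
#     creates a fresh self-signed certificate with the same subject and domains,
#     which is the syntax the original post asked about.
# Get-ExchangeCertificate -Thumbprint $expiringThumbprint | New-ExchangeCertificate
```

Step 2 is the check worth keeping: the selection rules quoted above only apply once a certificate's domain names match the connector FQDN, so a CA certificate bound to SMTP does not help if it was issued for a different name. The final step is left as a preview (-WhatIf) so nothing is deleted until the inventory has been read.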
July 14th, 2009 5:18am
How's the problem now? Any update on it?
July 20th, 2009 3:52am
Everything worked out fine. Thanks!

Mike
July 20th, 2009 3:44pm