
Remove a certificate from a service


Patrick Alley

Dec 17, 2008, 11:04:07 AM
I have accidentally enabled the wrong certificate for the SMTP service. I
have tried removing the certificate, importing it again, and re-enabling it
without SMTP specified but it retains the original services which included
SMTP.

Is there any way to remove this certificate from the SMTP service so the
system will use the self-signed?

Thanks!

----------------------
Patrick Alley, MCSE

Wayne Hollomby

Dec 17, 2008, 11:19:49 AM
If this is for Exchange 2007, you need to use the enable-exchangecertificate
PowerShell command

http://technet.microsoft.com/en-us/library/aa997231.aspx

Use get-exchangecertificate to show you which certificate has SMTP enabled
and to get the thumbprint for each certificate also

Wayne

Lanwench [MVP - Exchange]

Dec 17, 2008, 11:10:19 AM

Hmmm. You generally set up certificates in IIS, not Exchange. What versions
& SPs of everything, where are you seeing errors, and what is the
certificate for?


Oliver Moazzezi [MVP]

Dec 17, 2008, 11:35:01 AM
I think he's talking about Exchange 2007, where you have to enable the cert
for use via PowerShell. I would follow Wayne Hollomby's advice here.

Oliver

Patrick Alley

Dec 17, 2008, 11:46:01 AM
I apologize for not specifying this.

I am running Exchange 2007 SP1 (w/rollup 4). This is my SAN (subject
alternative name) certificate that I am using for POP, IMAP, and IIS. I
enabled it through PowerShell but I spaced and added SMTP to the services I
was enabling it for. Problem is that my internal FQDN is not specified in
this cert so my Outlook 2007 clients are complaining about the certificate.

My goal is to get my SMTP service back to using the self-signed certificate
that Exchange generated.

Thanks.

----------------------
Patrick Alley, MCSE

Patrick Alley

Dec 17, 2008, 11:54:24 AM
Thank you.

This is the method I used to enable the certificate originally. Problem is
that I enabled it for SMTP when I did not need to. Now I cannot remove it
from the SMTP service.

----------------------
Patrick Alley, MCSE

Andy David {MVP}

Dec 17, 2008, 1:13:43 PM
On Wed, 17 Dec 2008 08:54:24 -0800, Patrick Alley
<Patric...@discussions.microsoft.com> wrote:

>Thank you.
>
>This is the method I used to enable the certificate originally. Problem is
>that I enabled it for SMTP when I did not need to. Now I cannot remove it
>from the SMTP service.

Why don't you want it enabled for SMTP?

Patrick Alley

Dec 17, 2008, 2:12:09 PM
The certificate does not contain the internal FQDN for my Exchange server.
This is causing my Outlook 2007 clients to complain. I could disable
encryption on the clients to resolve this but I don't want to go there if I
don't have to.

----------------------
Patrick Alley, MCSE

Andy David {MVP}

Dec 17, 2008, 2:31:21 PM
On Wed, 17 Dec 2008 11:12:09 -0800, Patrick Alley
<Patric...@discussions.microsoft.com> wrote:

>The certificate does not contain the internal FQDN for my Exchange server.
>This is causing my Outlook 2007 clients to complain. I could disable
>encryption on the clients to resolve this but I don't want to go there if I
>don't have to.

Well, the "new-exchangecertificate" (with no other switches) command
should automatically create a self-signed cert and prompt you to
overwrite the existing one for SMTP. I would double check to make sure
the other services are still set for the other cert after that.

Patrick Alley

Dec 19, 2008, 10:48:13 AM
The problem is not with creating the self-signed certificate. I can create
the certificate without issue but when I try to enable it for SMTP with the
-services switch, I receive a message stating that the 3rd party certificate
takes precedence.

The kicker is that if I remove the certificate completely, import it again,
and then try to only enable it for POP, IMAP, and IIS, it will still grab
SMTP like it is retaining the information from before I removed it. I am not
sure where it is getting this information because I have checked the
certificate store on the server before and after running the
remove-exchangecertificate cmdlet and found that the certificate is being
removed from the server's store when the cmdlet is run.

Wayne Hollomby

Dec 22, 2008, 5:01:36 PM
Have you tried doing

enable-exchangecertificate -thumbprint "thumbprint of self signed cert" -services none

This should remove all services from that cert

Wayne
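
A read-only check for the situation discussed in this thread (a certificate enabled for SMTP that does not list the server's internal FQDN), as an added example that is not part of any post above. `Test-SmtpCertificateName` is a hypothetical helper name, the sample objects are constructed stand-ins for `Get-ExchangeCertificate` output, and PowerShell 2.0 or later is assumed.

```powershell
# Added example; Test-SmtpCertificateName is a hypothetical helper name.
# Input objects need the Thumbprint, Services, CertificateDomains and
# IsSelfSigned properties that Get-ExchangeCertificate output carries.
function Test-SmtpCertificateName {
    param(
        [Parameter(Mandatory = $true)] [string] $ServerFqdn,
        [Parameter(ValueFromPipeline = $true)] $Certificate
    )
    process {
        # Services is a flags value; its string form lists enabled services.
        if ("$($Certificate.Services)" -notmatch '\bSMTP\b') { return }
        $covered = $false
        foreach ($name in $Certificate.CertificateDomains) {
            $n = "$name"
            if ($n -ieq $ServerFqdn) { $covered = $true; break }
            # A wildcard name covers exactly one left-most label.
            $dot = $ServerFqdn.IndexOf('.')
            if ($n.StartsWith('*.') -and $dot -gt 0 -and
                $ServerFqdn.Substring($dot) -ieq $n.Substring(1)) {
                $covered = $true; break
            }
        }
        New-Object PSObject -Property @{
            Thumbprint   = $Certificate.Thumbprint
            IsSelfSigned = $Certificate.IsSelfSigned
            CoversFqdn   = $covered
        }
    }
}

# Constructed sample data (placeholder thumbprints and names).
$sample = @(
    (New-Object PSObject -Property @{
        Thumbprint = '1111111111111111111111111111111111111111'
        Services = 'IMAP, POP, IIS, SMTP'; IsSelfSigned = $false
        CertificateDomains = @('mail.example.com', 'autodiscover.example.com') }),
    (New-Object PSObject -Property @{
        Thumbprint = '2222222222222222222222222222222222222222'
        Services = 'SMTP'; IsSelfSigned = $true
        CertificateDomains = @('ex01', 'ex01.corp.example.local') })
)

# Against a live server: Get-ExchangeCertificate | Test-SmtpCertificateName ...
$sample | Test-SmtpCertificateName -ServerFqdn 'ex01.corp.example.local' |
    Select-Object Thumbprint, IsSelfSigned, CoversFqdn
```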