This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 53%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Hello,
We are running an Exchange 2016 Standard server (Version 15.1 (Build 466.34)).
The following Self-Signed Certificate recently expired:
Name: Exchange UCC 2017
Status: DateInvalid
Issuer: CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US
Expires on: 10/23/2020
Subject:
Assigned to services
SMTP: CN=remote.<domain>.com, OU=Domain Control Validated
Thumbprint: D********CECA
Serial Number: 1D0*********F3E20
Public key size: 2048
Has Private key: Yes
Services:
IMAP
POP
We do have a separate, valid cert that handles IIS & SMTP:
Microsoft Exchange
Self-signed certificate
Issuer: CN=<Exchange Server Name>
Status
Valid
Expires on: 8/16/2021
Expires on:Renew
Assigned to services
IIS, SMTP
What is the appropriate action to take? Should it simply be renewed?
There is currently no impact, but I want to ensure I do this correctly.
Thanks in advance.
Regards,
Rudy
78992-certificate-exchange-ucc-2017.txt
![78945-78438-certlist.png][2]
![78591-cert3.jpg][5]
[2]: /api/attachments/78945-78438-certlist.png?platform=QnA [5]: /api/attachments/78591-cert3.jpg?platform=QnA
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Hi, Rudy.
Since this forum is public, I have covered the personal information for you in the question.
For security reasons, please don't forget to hide your personal information in your post.
Thanks for your understanding!
Agree with Andy,
since the certificate is not an Exchange self-signed certificate,
if there are some users in your organization using POP3 or IMAP4 to connect to your Exchange server,
the best practice would be to contact with the certificate issuer and renew the certificate.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you for doing that.
Understood. Thanks.
thats not a self-signed cert:
'issuer: CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US"
So renew it?
Thanks Andy.