Exchange 2016 Standard ‎(Build 466.34)‎ | What the correct way to deal with an expired certificate (Exchange UCC 2017)

Rudolf Amarlapudi 476 Reputation points
2021-03-17T04:53:12.45+00:00

Hello,

We are running an Exchange 2016 Standard server (Version 15.1 ‎(Build 466.34)‎).

The following Self-Signed Certificate recently expired:

Name: Exchange UCC 2017
Status: DateInvalid
Issuer: CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US
Expires on: 10/23/2020
Subject:

Assigned to services
SMTP: CN=remote.<domain>.com, OU=Domain Control Validated
Thumbprint: D********CECA
Serial Number: 1D0*********F3E20
Public key size: 2048
Has Private key: Yes

Services:
IMAP
POP

We do have a separate, valid cert that handles IIS & SMTP:
Microsoft Exchange
Self-signed certificate
Issuer: CN=<Exchange Server Name>
Status
Valid
Expires on: 8/16/2021
Expires on:Renew
Assigned to services
IIS, SMTP

What is the appropriate action to take? Should it simply be renewed?

There is currently no impact, but I want to ensure I do this correctly.

Thanks in advance.

Regards,
Rudy

78992-certificate-exchange-ucc-2017.txt

![78945-78438-certlist.png][2]

![78591-cert3.jpg][5]

[2]: /api/attachments/78945-78438-certlist.png?platform=QnA [5]: /api/attachments/78591-cert3.jpg?platform=QnA

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,497 questions
{count} votes

Accepted answer
  1. Andy David - MVP 145.1K Reputation points MVP
    2021-03-17T12:06:42.593+00:00

    thats not a self-signed cert:
    'issuer: CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US"

    So renew it?

    https://learn.microsoft.com/en-us/exchange/architecture/client-access/renew-certificates?view=exchserver-2019#renew-a-certificate-that-was-issued-by-a-certification-authority


0 additional answers

Sort by: Most helpful