Unbind services from old certificate in exchange 2019

ZCT 1 Reputation point
2021-12-15T18:07:35.967+00:00

Hello,

We have installed a replacement certificate in Exchange 2019 and have assigned all of the services to the new certificate.

We just need a way to temporarily unbind the old certificate from the Exchange services so that we can test before we completely remove the existing certificate.

I cannot find a way to simply unbind those services like SMTP, etc from the old certificate. in EAC its all greyed out and I can't find CMDlet to do this in exchange management shell.

Can anyone tell me how I can just unbind IMAP, POP, SMTP from a certificate without deleting it?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,195 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andy David - MVP 137.9K Reputation points MVP
    2021-12-15T18:15:39.627+00:00

    You can't without removing the cert

    Some will tell you to run:

    enable-exchangecertificate -Services $null  
    

    but that doesnt work.

    What you can do is enable protocol logging and you should see the clients using the new cert.

    For SMTP for example:
    https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/configure-protocol-logging?view=exchserver-2019

    Enable on the connectors and check the SMTP protocol logs, it will show the certificate used

    https://learn.microsoft.com/en-us/powershell/module/exchange/enable-exchangecertificate?view=exchange-ps

    158022-image.png

    1 person found this answer helpful.
    0 comments No comments