Remove exchange certificate that is not the default smtp certificate

jeff mcnabney 301 Reputation points
2022-02-02T15:50:37.237+00:00

Ex 2016 has a fqdn 3rd party SSL cert with services iis/pop/imap/smtp (cert1) and also another certificate with pop/imap/smtp from local CA (cert2) that expires in a year but that i want to remove from the server. I believe the command Get-ExchangeCertificate -domainname fqdn will return the ORDER in which exchange will use the certs. If cert1 appears at the top of the list, then i can expect that if i remove cert2 none of the services should be affected? Is this correct?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,386 questions
0 comments No comments
{count} votes

Accepted answer
  1. Aaron Xue-MSFT 2,586 Reputation points Microsoft Vendor
    2022-02-03T07:24:46.297+00:00

    Hi @jeff mcnabney ,

    So you are now using the cert1(3rd party SSL) in Exchange server 2016.

    You can't remove the certificate that's being used. And the cert2 is unused right?

    In that case you can remove the old one.

    Here’s a document for you reference.
    Remove-ExchangeCertificate (ExchangePowerShell) | Microsoft Learn


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 additional answers

Sort by: Most helpful