This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 30%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Ex 2016 has a fqdn 3rd party SSL cert with services iis/pop/imap/smtp (cert1) and also another certificate with pop/imap/smtp from local CA (cert2) that expires in a year but that i want to remove from the server. I believe the command Get-ExchangeCertificate -domainname fqdn will return the ORDER in which exchange will use the certs. If cert1 appears at the top of the list, then i can expect that if i remove cert2 none of the services should be affected? Is this correct?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 20%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAX%3C/text%3E%3C/svg%3E)
Hi @jeff mcnabney ,
So you are now using the cert1(3rd party SSL) in Exchange server 2016.
You can't remove the certificate that's being used. And the cert2 is unused right?
In that case you can remove the old one.
Here’s a document for you reference.
Remove-ExchangeCertificate (ExchangePowerShell) | Microsoft Learn
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @jeff mcnabney ,
It's been a while, is there any update?
If the above suggestion helps, please click “Accept as answer” to mark helpful reply as an answer. Your action would be helpful to other users who encounter the same issue and read this thread.
The 3rd party cert is currently pending for renewal. I will not remove the on-prem CA cert until the 3rd party has been renewed and services are assigned.
Hi @jeff mcnabney ,
That's ok.
You could totally remove the cert until the 3rd party cert has been renewd.
Hi @jeff mcnabney ,
It's been a while, is there any update?
If the above suggestion helps, please click “Accept as answer” to mark helpful reply as an answer. Your action would be helpful to other users who encounter the same issue and read this thread.
Thanks for your understanding.