Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, November 9, 2016 5:30 PM
I have a GoDaddy SAN cert for my Exchange 2013 servers with a number of Subject Alternative Names. I installed this cert and assigned it to use it for IMAP, POP, SMTP, and IIS. It is the certificate assigned in bindings to the Default Web Site.
All my Exchange 2013 servers are multi-role with the Mailbox and FrontEnd functions covered on the each server.
My issue is that I have two additional certificates, "Microsoft Exchange Server Auth Certificate" assigned to SMTP, and "Microsoft Exchange" assigned to SMTP and IIS. When I attempt to edit the services assigned to either of these latter two certs, I find the SMTP option checked but grayed out so that I cannot uncheck it.
I'm see issues where some SMTP requests are picking up these self-signed certs and breaking some scanners, printers, and send-as options for Gmail users.
Is this the way this is supposed to work? It seems amiss but i'm not sure how best to resolve. Any help greatly appreciated.
All replies (4)
Thursday, November 10, 2016 1:29 AM âś…Answered | 1 vote
Exchange by default will bind the self signed certificate to the SMTP service. When you add an additional certificate it, unfortunately, does not remove the binding from the previous cert. You can remove the certificate through powershell.
To list all your certificates
Get-ExchangeCertificate | Select thumbprint, services, subject, certificatedomains
To remove the certificate from the service use the below commands
Enable-ExchangeCertificate -Service None -thumbprint <thumbprint select from above>
Thursday, November 10, 2016 8:55 PM
I elected to leave the certificates auto installed when I installed Exchange 2013. I instead created a new receive connector for internal relaying with TLS and my authenticated scanning and printing devices are happy.
Friday, November 11, 2016 2:35 PM
Glad to hear that it's helpful and thanks for your kindly sharing. If you need further help, please feel free to contact us.
Regards,
Jason Chao
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Sunday, April 7, 2019 8:04 PM
In my Exchange 2013 CU22 this command do nothing
Enable-ExchangeCertificate -Service None.
When I add thumbprint and pres enter nothing happens :( . Any ideas.
I have certyficate trusted every look fine but when i send mail smtp the default certyficate its beining use.
Can I delete default certificate without any consequences ?