Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Saturday, July 27, 2019 6:15 AM
I'm currently in search of a rogue expired certificate. If I log into the ECP, it pops up an alert that says that "IIS Certificate" is expired. If I click on the alert, it takes me to the server certificates tab, where no certificate matching that name is listed. I also checked the IIS SSL bindings on all sites for the server, checked netsh http show sslcert, checked certutil -store my, and Get-ExchangeCertificate. Nobody, anywhere, has a certificate by that name. Where is it finding this phantom certificate, and how do I get rid of it?
All replies (7)
Monday, July 29, 2019 2:30 AM
Hi AmateurSysadm,
Could you provide a screenshot about this alert?
Do you mean an alert that showed at the top right corner of ECP? If you remove this alert, whether is it show again when you login ECP next time?
I also want to confirm with you, does there exist certificate error when you access ECP?
If there doesn't issue, it means there doesn't exist issue with your certificate. If this is the pop-up that you said, you can find this certificate's thumbprint from detail information, then use this thumbprint to find certificate from your server.
Regards,
Kyle Xu
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, July 29, 2019 7:27 AM
No, the alert appeared as a bell icon in ECP's status bar, not Explorer's. Clicking on the bell would drop down a message with the certificate alert and a "Details" link. Clicking the link switched ECP to the Certificates tab, where all usable certificates were listed, and the one in question was absent. This all happened every time I logged in. Rebooting the server did not fix this.
But now that I logged in to take a screen shot, there's no alert. Apparently the Exchange Gnomes logged in and fixed it over the weekend. For now, I guess I'll just accept this.
Monday, July 29, 2019 8:14 AM
Do you mean this bell? I forgot to provide a screenshot for this scenario before:
It means there exist a event before rather than now, if you don't remove it, it will exist for some time.
In you server, there may exist an certificate that expired before, so, there exist a alert about it. You renew certificate directly and forget to remove the alert before, so it will exist for some time.
Regards,
Kyle Xu
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, July 31, 2019 5:22 PM
How does one "remove the alert"? I did not see any options about that.
Friday, August 2, 2019 10:56 AM
When this alert show up first time, click on it, it will be removed.
In your scenario, you renew your certificate directly without clicking on this alert, so this alert will remain some time.
Regards,
Kyle Xu
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, August 2, 2019 5:11 PM
I clicked on the alert every time it popped up, though. That's how it guided me to the certificate list. Or do you mean that you have to click in the alert box in a location other than the "Details" link?
Tuesday, August 6, 2019 9:14 AM
Hi,
I think this is just a "ghost" alert which caused by delay, since it is disappear now, we can ignore it. If this alert occurs next time, we can continue to narrow down it.
Regards,
Kyle Xu
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].