In Exchange 2010 or 2013, you might have issued a renewal of your SSL certificate.
In the Exchange Management Console (EMC) or the Exchange Admin Center (EAC), you assign the new services to the SSL certificate and now you want to remove the old SSL certificate, however you are presented with the error below:
In order to remove an SSL certificate you need to create a new certificate to replace the existing one as the internal transport certificate.
You can perform this task quickly in the Exchange Management Shell for a server or servers. The following command when run on the server in question will generate a self-signed certificate that contains the server’s FQDN and NetBIOS names on it.
- New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName
If you running this for another machine, you can include the -Server switch in as well:
- New-ExchangeCertificate -Server HUB1 -IncludeServerFQDN -IncludeServerNetBIOSName
After this, you should now be able to remove the old SSL certificate without error.
Hope it helps.