Exchange 2010/2013: The Internal Transport Certificate Cannot be Removed

In Exchange 2010 or 2013, you might have issued a renewal of your SSL certificate.

In the Exchange Management Console (EMC) or the Exchange Admin Center (EAC), you assign the new services to the SSL certificate and now you want to remove the old SSL certificate, however you are presented with the error below:

Solution:

In order to remove an SSL certificate you need to create a new certificate to replace the existing one as the internal transport certificate.

You can perform this task quickly in the Exchange Management Shell for a server or servers. The following command when run on the server in question will generate a self-signed certificate that contains the server’s FQDN and NetBIOS names on it.

  • New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

If you running this for another machine, you can include the -Server switch in as well:

  • New-ExchangeCertificate -Server HUB1 -IncludeServerFQDN -IncludeServerNetBIOSName

After this, you should now be able to remove the old SSL certificate without error.

Hope it helps.

Views All Time
Views All Time
Views Today
Views Today
Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.