This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi All,
I have imported and installed a new ssl certificate in our Exchange server and then ran a HCM wizard and select a new certificate for the send connector. however when I tried to delete the previous certificate below error message has popped up. one thing is the previous certificate also vaild till 25/11/2020 and we have renewed early. but I think it won't be a problem with deleting a previous one since we already installed a new certificate. we have only one exchange server in our environment.
appreciate any one can help here to resolve this.
Thanks,
Dilan
Hi there, I have seen that many times!
The solution is to open the local certificate store on the Exchange server for the local computer.
Type at the RUN Menu:
certlm.msc
Find the OLD cert that you want to remove under the "Personal" container and delete it from there by right-clicking on it and choosing delete. Make sure you choose the old one ( verify by date and thumbprint.
After that , do an IIRESET to ensure its removed and you are good.
Hi AndyDavid,
thank you very much for your reply.
How do I completely make sure it won't be impacting the mail flow. I have this concerns because of the error message basically saying that certificate is still binding to the send connector.
Thanks,
Dilan
Its a funky error. You assigned SMTP to the services to that cert and ran the HCW right?
In that case you can remove the old. The Subject and Issuer are probably the same as the new cert right? That's what confuses the GUI and throws that error.
The easy way to see what cert is being used to look at the SMTP protocol logs.
So for that send connector:
Enable logging if its not already:
Then look in the logs at %ExchangeInstallPath%TransportRoles\Logs\Hub\ProtocolLog\SmtpSend and see what cert its using. It will show the cert thumbprint in the logs
Do a search for the new thumbprint in the logs and you should see it listed for these connection
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 71%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELZ%3C/text%3E%3C/svg%3E)
Agree with AndyDavid. Since you have assigned the new certificate to POP, IMAP, IIS, SMTP services, and if you also have re-run HCW, the mail flow should work well with the new certificate. You can remove the old cert from Personal store, then try to delete the old certificate again.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.