Self-Signed Certificate Errors

I have 2 issues with certificates;

  1. Event ID: 13, Source: CertificateServicesClient-CertEnroll;

    "Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from Porter.CO.CHELAN.WA.US\Chelan Certificate Authority (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).".

  2. Self-signed certificate for "Microsoft Exchange Server Auth Certificate" as "Revocation check failed" certificate and expires on 7/23/15, IMAP, POP, IIS, SMTP

That being said;

We converted from Ex2007 (aka "Porter") to Ex 2013 (aka "Pebbles") about 2 years ago and decommissioned the 2007 server (Porter) completely as required with the help of MS Tech Support.  At that time, we used self-signed certificates and I thought that MS got rid of all remnants of our old server (Porter).  However, I'm currently receiving a certificate error in the Event Viewer.

Under EAC/Servers/Certificates I see the following;

  • self-signed certificate for "Porter" as a "Valid" certificate and expires on 4/2/2019, IMAP, POP, SMTP
  • self-signed certificate for "Pebbles" as a "Valid" certificate and expires on 7/23/2018, IMAP, POP, SMTP
  • self-signed certificate for "Chelan Certificate Authority" as a "Valid" certificate and expires on 7/23/2018, IMAP, POP, SMTP
  • self-signed certificate for "Microsoft Exchange Server Auth Certificate" as "Revocation check failed" certificate and expires on 7/23/15, IMAP, POP, IIS, SMTP

We purchased a SAN certificate and are planning on implementing it soon.  Will this take care of these messages or should I work on fixing them before?

Win2012/Ex2013 sp1

Penny

May 28th, 2015 8:04pm

Hi Penny,

If you install a new third-party SAN certificate in your environment, please assign all services to it. Then this new certificate will be used for the Exchange services.

If all needed namespaces have been included in the new certificate, the self-signed certificate would not be used and you can leave the self-signed certificate alone on your server.

Certainly, if you want to renew the self-signed certificate, you can also use the following command to renew it (supposing the certificate c4248cd7065c87cb942d60f7293feb7d533a4afc is the expired certificate):

Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate

Regards,

May 29th, 2015 1:23am

I'm trying to install the GoDaddy certificate and I followed their instructions. I see my "Pending request", but when I click complete it gives me the following error:

A special Rpc error occurs on server PEBBLES: Cannot import certificate. A certificate with the thumbprint D9DE27EBB2F0B4C895754C863F4F699D8B2BCE76 already exists.

I ran get-exchangecertificate and looked for the thumbprint and it doesn't exist.  What did I miss?

June 9th, 2015 7:06pm

You need to check the certificate on the local server via the Certificates snap-in, remove the currently installed one and repeat the cmdlet.
June 9th, 2015 9:12pm
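
The check from the last reply, done from PowerShell instead of the Certificates snap-in, as an added example that is not part of the original thread. It searches every local machine store for the thumbprint in the error message, shows where the copy lives, and backs it up before removal; the backup location under `$env:TEMP` is an assumption.

```powershell
# Thumbprint copied from the import error quoted in the thread.
$thumb = 'D9DE27EBB2F0B4C895754C863F4F699D8B2BCE76'

# Search all LocalMachine stores, not only Personal (My).
# Store containers have no Thumbprint property, so only certificates match.
$hits = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object { $_.Thumbprint -eq $thumb }

if (-not $hits) {
    Write-Output "Thumbprint $thumb was not found in any LocalMachine store."
}
else {
    # Show which store holds the copy and whether a private key is attached.
    $hits | Select-Object `
        @{ Name = 'Store'; Expression = { ($_.PSParentPath -split '\\')[-1] } },
        Subject, NotAfter, HasPrivateKey |
        Format-Table -AutoSize

    foreach ($cert in $hits) {
        $store  = ($cert.PSParentPath -split '\\')[-1]

        # Keep a copy of the public certificate before touching the store.
        $backup = Join-Path $env:TEMP "$store-$thumb.cer"
        [System.IO.File]::WriteAllBytes($backup, $cert.Export('Cert'))
        Write-Output "Backed up $store copy to $backup"

        # -WhatIf only reports what would be deleted; remove it to delete.
        Remove-Item -Path $cert.PSPath -WhatIf
    }
}
```

Once the stale copy is gone, complete the pending request again as the reply describes.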

This topic is archived. No further replies will be accepted.
