We have installed a new exchange 2007 server into our existing domain to share the Transport & CAS roles. Once we completed the setup & imported the certificates all our outlook users started getting the Certificate Security pop with the new server name. I am in the process of regenerating our digicert to add the new server name. for this i need to 1st generate a CSR. please advise, if i need to create this CSR on the old server or new server. Now when I go to IIS 7.0, on my old server, under server certificates, i can see 2 certificates, one is the existing working one & the other is the expired certificate. is it safe to remove the expired certificate? on my new server, under server certificates, i can see 2 certificates, one is the same as the working certificate as on my old server and the other is one issued by the server during setup, it has got the netbios name of the server itself. is it safe to remove this certificate? please advise. Thank You Philip

Depending on the URL's which have been set and what's included in your Digicert Certificate will determine if you get the certificate prompt or not. See this Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site" Make sure the correct name are in the Digicert certificate and then assign to services such as IIS, SMTP and then remove the self-signed/expired certificates.Sukh

Once I install the new certificate on my 1st exchange server, do I need to import this certificate to the new server as well or can i install it the same way on the new server.

Not sure what you mean above, once you have the certificate with the correctc names, import and assign this to the services on each Exchange server you want.Sukh

Hi, How did you installed the certificate? Please try to run the cmdlet below and then post the result here: get-exchangecertificate |fl We need to verify what service has been enabled on the new certificate.Xiu Zhang TechNet Community Support