Exchange 2010/2013: The Internal Transport Certificate Cannot be Removed

In Exchange 2010 or 2013, you might have issued a renewal of your SSL certificate. 

In the Exchange Management Console (EMC) or the Exchange Admin Center (EAC), you assign the services to the new SSL certificate and then try to remove the old SSL certificate. However, you are presented with the error below:

https://collaborationpro.com/wp-content/uploads/2018/04/SSLCert.png

Solution:

In order to remove an SSL certificate, you need to create a new certificate to replace the existing one as the internal transport certificate.

You can perform this task quickly in the Exchange Management Shell for one or more servers. The following command, when run on the server in question, generates a self-signed certificate that contains the server's FQDN and NetBIOS names.

  • New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName

If you run this from another machine, you can include the -Server switch as well:

  • New-ExchangeCertificate -Server HUB1 -IncludeServerFQDN -IncludeServerNetBIOSName

After this, you should now be able to remove the old SSL certificate without error.
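
The whole procedure as one Exchange Management Shell session, with a check on the new certificate before the old one is deleted. This is an added example, not part of the original post; the server name HUB1 is reused from the command above and the thumbprint is a placeholder you must replace.

```powershell
# Assumptions: run in the Exchange Management Shell. $Server reuses the
# article's example name; $OldThumbprint is a placeholder, not a real value.
$Server        = 'HUB1'
$OldThumbprint = '<OLD-CERT-THUMBPRINT>'

# 1. Inventory the certificates on the server so the old certificate can be
#    identified by thumbprint, assigned services and expiry date.
Get-ExchangeCertificate -Server $Server |
    Sort-Object NotAfter |
    Format-Table Thumbprint, Services, IsSelfSigned, NotAfter, Subject -AutoSize

# 2. Create the replacement self-signed certificate (command from the article).
#    The cmdlet returns the new certificate object, including its thumbprint.
$new = New-ExchangeCertificate -Server $Server -IncludeServerFQDN -IncludeServerNetBIOSName

# 3. Re-read the new certificate from the server and stop if it is not usable
#    or if the thumbprint to delete is the one that was just created.
$check = Get-ExchangeCertificate -Server $Server -Thumbprint $new.Thumbprint
if ($check.Status -ne 'Valid') {
    throw "New certificate $($new.Thumbprint) has status $($check.Status); old certificate left in place."
}
if ($new.Thumbprint -eq $OldThumbprint) {
    throw 'Old and new thumbprints are identical; refusing to remove.'
}

# 4. Show what is still assigned to the old certificate, then remove it.
#    Remove-ExchangeCertificate prompts for confirmation by default.
Get-ExchangeCertificate -Server $Server -Thumbprint $OldThumbprint |
    Format-List Thumbprint, Services, NotAfter, Subject
Remove-ExchangeCertificate -Server $Server -Thumbprint $OldThumbprint
```

If step 4 still lists services such as IIS on the old certificate, move them to the renewed certificate before confirming the removal.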