Digital certificates are electronic documents issued by a Certificate Authority (CA). A certificate binds the identity of a user or a server to a public key, so that the other party in a transaction can verify who it is talking to. It contains the holder's name, an expiration date and a copy of the holder's public key, which is used to encrypt messages sent to the holder and to verify the holder's digital signatures. A certificate identifies a user or a server much as a driver's license identifies a person. A digital signature, by contrast, is the value the holder computes over a message with the matching private key; the receiver checks it with the public key from the certificate and can be sure that the message was not altered on its way from sender to receiver.
Secure Sockets Layer (SSL), and its successor TLS, secures the communication between a client and a server by means of certificates. When Exchange Server is installed, a self-signed certificate is automatically created on the Client Access server and on the Mailbox server, so that communication between Exchange servers within the organization is encrypted from the start. These self-signed certificates are trusted between Exchange servers in the same organization, but mobile devices, web browsers and external web services will not trust them, because they were not issued by a CA that those clients recognize. If a client connects to the server over SSL and is presented with Exchange's self-signed certificate, the secure connection can continue only if the client explicitly accepts the certificate or has it installed in its trusted root store; the usual fix is to obtain a certificate from a CA the clients already trust.
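The trust failure described above can be reproduced on a client without touching Exchange at all. The following PowerShell is an added example and not code from the original article: it creates a throwaway self-signed certificate (the DNS name is a placeholder), asks the .NET X509Chain to validate it exactly as a browser or mobile client would, and shows that the chain does not build to a trusted root until the certificate, or the CA that issued it, is installed in the client's Trusted Root store. It needs Windows 8 / Server 2012 or later for New-SelfSignedCertificate.

```powershell
# Added example (not from the original article): why a self-signed Exchange
# certificate is rejected by clients that have not imported it.
# 'mail.contoso.example' is a placeholder host name.
$Cert = New-SelfSignedCertificate -DnsName 'mail.contoso.example' `
                                  -CertStoreLocation 'Cert:\CurrentUser\My'

# Self-signed means subject and issuer are the same entity.
"Subject : $($Cert.Subject)"
"Issuer  : $($Cert.Issuer)"
"Self-signed: $($Cert.Subject -eq $Cert.Issuer)"

# Validate the certificate the way an SSL client does: build a chain from the
# leaf up to a root the local machine trusts. Revocation checking is skipped
# because a self-signed certificate has no CRL/OCSP endpoint to consult.
$Chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$Chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$Trusted = $Chain.Build($Cert)

"Chain builds to a trusted root: $Trusted"
foreach ($Status in $Chain.ChainStatus) {
    "  {0}: {1}" -f $Status.Status, $Status.StatusInformation.Trim()
}

# Remove the throwaway certificate again.
Remove-Item -Path "Cert:\CurrentUser\My\$($Cert.Thumbprint)"
```

The chain status reported is UntrustedRoot: the certificate is well-formed and unexpired, the only thing wrong with it is that nothing the client trusts vouches for it. That is precisely the prompt a mobile device or browser shows when it meets the default Exchange certificate.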
Exchange 2013 uses certificates to authenticate the servers that communicate with each other. Because certificates are used throughout Exchange, managing them properly is part of the security process. SSL certificates must also be configured correctly for the services that use them to work; a common stumbling block, for example, is the SSL certificate for the SMTP service, where enabling a new certificate prompts to overwrite the existing default SMTP certificate instead of silently replacing it.
It is important to understand that, in Exchange Server, certificates for SMTP behave a little differently from certificates for other services. For example, when a certificate is bound to the IIS service it takes the place of the previous one: only one certificate can be bound to IIS at a time, so the older one is released from that service. The same is not the case with SMTP, where multiple SSL certificates can be enabled at the same time; the server chooses among them by matching the certificate name to the FQDN configured on the connector, and one of them is marked as the default SMTP certificate.
If Exchange Server 2013 is deployed on-premises, the PowerShell cmdlet Remove-ExchangeCertificate, run from the Exchange Management Shell, can be used to remove an SSL certificate. The standard syntax to be followed is outlined by the parameters below:
Note: a certificate that is currently in use cannot be removed with this command. If the default certificate for a service has to be replaced by another certificate that shares the same FQDN, create and enable the new certificate first, and only then remove the older one.
Thumbprint: every certificate has a thumbprint, the SHA-1 hash of the certificate's DER-encoded bytes, which identifies it uniquely on the server; it is the value shown by Get-ExchangeCertificate.
Confirm: this switch pauses command processing and asks the user to acknowledge what the command is about to do before it proceeds. Remove-ExchangeCertificate prompts by default; the prompt can be suppressed with -Confirm:$false.
Identity: the certificate to remove, given either as its thumbprint or as ServerName\Thumbprint; it can be used in place of the Thumbprint parameter.
WhatIf: this switch simulates the command and displays the changes that would be made without actually making them; run it first so that a mistyped thumbprint cannot remove the wrong certificate.
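The procedure from the paragraphs above (enable the replacement, then remove the older certificate that shares its FQDN, using WhatIf and Confirm on the way) put together as one script. This is an added example, not code from the original article or from Microsoft: the server name and both thumbprints are placeholders to be replaced with the values reported by Get-ExchangeCertificate, and the guard in step 3, which refuses to remove a certificate still bound to anything other than SMTP, is this example's own precaution rather than something the cmdlet enforces.

```powershell
# Added example (not from the original article): retire one SMTP certificate
# on an Exchange 2013 server and replace it with one that shares the same FQDN.
# Run from the Exchange Management Shell. 'EX01' and the thumbprints are placeholders.
$Server        = 'EX01'
$OldThumbprint = '0123456789ABCDEF0123456789ABCDEF01234567'   # certificate to retire
$NewThumbprint = 'FEDCBA9876543210FEDCBA9876543210FEDCBA98'   # replacement, already imported

# 1. Inventory: which certificates exist and which services each one is bound to.
Get-ExchangeCertificate -Server $Server |
    Format-Table Thumbprint, Subject, NotAfter, Services, IsSelfSigned -AutoSize

# 2. Enable the replacement for SMTP before touching the old one. -Force answers
#    the "overwrite the default SMTP certificate?" prompt that appears because
#    both certificates carry the same FQDN.
Enable-ExchangeCertificate -Server $Server -Thumbprint $NewThumbprint -Services SMTP -Force

# 3. Guard (this script's own check): several certificates may share SMTP, but a
#    certificate still bound to IIS, POP or IMAP must be unbound from those first,
#    otherwise removing it breaks the service.
$Old = Get-ExchangeCertificate -Server $Server -Thumbprint $OldThumbprint
$StillBound = "$($Old.Services)" -split ',\s*' | Where-Object { $_ -notin 'None', 'SMTP' }
if ($StillBound) {
    throw "Certificate $OldThumbprint is still bound to: $($StillBound -join ', ')"
}

# 4. Dry run first, then the real removal with the confirmation prompt left on.
Remove-ExchangeCertificate -Server $Server -Thumbprint $OldThumbprint -WhatIf
Remove-ExchangeCertificate -Server $Server -Thumbprint $OldThumbprint -Confirm:$true

# 5. Verify: the old thumbprint is gone and the new one now carries the SMTP binding.
$Remaining = Get-ExchangeCertificate -Server $Server
if ($Remaining.Thumbprint -contains $OldThumbprint) {
    throw "Certificate $OldThumbprint is still present on $Server"
}
$Remaining | Where-Object { $_.Thumbprint -eq $NewThumbprint } |
    Format-List Thumbprint, Subject, NotAfter, Services
```

The order matters: if the old certificate is removed before the new one is enabled, SMTP falls back to whatever certificate is left, and clients that pinned the FQDN will start failing. Keep -Confirm on for the real removal; a thumbprint copied one character short will not match anything, but one copied from the wrong row will match the wrong certificate.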
Removing an SSL certificate from Exchange 2013 is a simple task with the Remove-ExchangeCertificate cmdlet. By following the syntax above, and by checking with Get-ExchangeCertificate that the certificate is no longer assigned to any service, certificates that are no longer needed or that cause errors can be removed safely.