I've tried the following, but the expired cert is not listed in the store; it is, however, listed in the registry. I'm hesitant to delete the cert from the registry; it looks like a new cert was issued a month before the current one expired, and another cert was issued to itself the day after it expired.
This machine is an Exchange server, a domain controller, and has certificate services installed. Terrible idea, I didn't do it!
To resolve this issue, you need to create a new certificate for the Exchange server.
If you are using an Exchange self-signed certificate, please follow these steps to create a new certificate:
Step 1: Delete the expired certificate:
a. Run get-exchangecertificate | fl and note the Thumbprint number of the expired certificate, such as 5113ae0233a72fccb75b1d0198628675333d010e.
b. Run remove-exchangecertificate -thumbprint 5113ae0233a72fccb75b1d0198628675333d010e to delete this expired certificate.
Step 2: Generate a new Exchange certificate:
new-exchangecertificate
You may get a prompt to overwrite the default SMTP certificate. Type A to overwrite it.
Step 3: Enable this new certificate for the Exchange services:
Enable-exchangecertificate -thumbprint <the new certificate you just created> -services:IIS,SMTP,POP,IMAP
For more information, please refer to the following link:
http://technet.microsoft.com/en-us/library/aa997231(EXCHG.80).aspx
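The three steps above as one Exchange Management Shell session; this is an added example, not part of the original answer. The variable names ($now, $expired, $new) are hypothetical, and the removal is shown with -WhatIf so the candidates can be reviewed first, since this server also holds domain controller and certificate services certificates.

```powershell
# Added example. Run in the Exchange Management Shell on the affected server.
$now = Get-Date

# Step 1a: list every certificate Exchange reports, with an Expired flag.
Get-ExchangeCertificate |
    Select-Object Thumbprint, Subject, NotAfter, IsSelfSigned, Services,
        @{Name = 'Expired'; Expression = { $_.NotAfter -lt $now }} |
    Format-List

# The same expiry check against the computer's Personal store, to compare
# with what Exchange reports.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.NotAfter -lt $now } |
    Format-List Thumbprint, Subject, Issuer, NotAfter

# Candidates for removal: expired AND self-signed, as in the answer's scenario.
# Check each Subject by hand before removing anything: a CA's own certificate
# can also be self-signed and must not be deleted by this procedure.
$expired = @(Get-ExchangeCertificate |
    Where-Object { $_.IsSelfSigned -and ($_.NotAfter -lt $now) })

# Step 1b: preview the removal. Drop -WhatIf only after reviewing the output.
foreach ($cert in $expired) {
    "Expired {0:u}  {1}  services: {2}" -f $cert.NotAfter, $cert.Thumbprint, $cert.Services
    Remove-ExchangeCertificate -Thumbprint $cert.Thumbprint -WhatIf
}

# Step 2: create the new self-signed certificate and keep the returned object,
# so the thumbprint does not have to be copied by hand.
$new = New-ExchangeCertificate

# Step 3: bind the new certificate to the services named in the answer.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS,SMTP,POP,IMAP

# Confirm the binding and the new expiry date.
Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
    Format-List Thumbprint, Subject, NotAfter, Services
```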