Thursday, November 26, 2009

Exchange Server 2007: Renewing the self-signed certificate

Exchange Server 2007 issues itself a self-signed certificate for use with services like SMTP, IMAP, POP and IIS. The certificate is issued for a period of one year.

Here is the step-by-step process to renew the Exchange 2007 self-signed certificate.

NOTE: The thumbprints shown in this article are unique to my test lab. They will be different in your environment, so proceed accordingly.

1. Check the existing certificate on the Exchange server. Run this command:

Get-ExchangeCertificate | Format-List

This will show the existing certificate with its thumbprint.

2. Copy the thumbprint of the certificate.

3. Get a new certificate with a new expiration date. Run this command:

Get-ExchangeCertificate -Thumbprint "CF8E6C3B577207B42B9481C60A2BAD616A64411F" | New-ExchangeCertificate

4. If the existing certificate is being used for SMTP, you will get a confirmation prompt.

5. Type y to continue. A new certificate is generated.

6. The new certificate is generated and enabled. Examine the new certificate:

Get-ExchangeCertificate -Thumbprint "87776F7A5072A54FAEA000E740768713459F2688" | FL

This will show the generation date and expiration date of the new certificate. The new certificate is valid for one year.
 
7. Test that the services work with the new certificate. If everything is fine, the old certificate can be removed.

Run this command to remove the old certificate:

Remove-ExchangeCertificate -Thumbprint "CF8E6C3B577207B42B9481C60A2BAD616A64411F"
 
You will receive a confirmation message. Type y to confirm. The old certificate will be removed.
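
A pre-removal check for step 7, as an added example that is not part of the original post: it compares the old and new certificates and only suggests removal when the new one covers the same services and names. The variable names and the Get-ServiceNames helper are hypothetical; the thumbprints are the lab values used above.

```powershell
# Added example. Run in the Exchange Management Shell on the server holding both certificates.
# Thumbprints are the lab values from this article; substitute your own.
$oldThumbprint = "CF8E6C3B577207B42B9481C60A2BAD616A64411F"
$newThumbprint = "87776F7A5072A54FAEA000E740768713459F2688"

$old = Get-ExchangeCertificate -Thumbprint $oldThumbprint
$new = Get-ExchangeCertificate -Thumbprint $newThumbprint
if (-not $old -or -not $new) { throw "Could not load both certificates; check the thumbprints." }

# Hypothetical helper: turn the Services value (e.g. "IMAP, POP, IIS, SMTP") into a list of names.
function Get-ServiceNames($cert) {
    $cert.Services.ToString().Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne "" -and $_ -ne "None" }
}

$oldServices = @(Get-ServiceNames $old)
$newServices = @(Get-ServiceNames $new)
$newDomains  = @($new.CertificateDomains | ForEach-Object { $_.ToString() })
$now         = Get-Date
$problems    = @()

# Every service bound to the old certificate must also be bound to the new one.
foreach ($svc in $oldServices) {
    if ($newServices -notcontains $svc) { $problems += "Service not enabled on new certificate: $svc" }
}
# Every host name on the old certificate must also be on the new one.
foreach ($name in $old.CertificateDomains) {
    if ($newDomains -notcontains $name.ToString()) { $problems += "Name missing from new certificate: $name" }
}
# The new certificate must be usable now and must outlive the old one.
if (-not $new.HasPrivateKey)         { $problems += "New certificate has no private key" }
if ($new.NotBefore -gt $now)         { $problems += "New certificate is not valid yet" }
if ($new.NotAfter -le $now)          { $problems += "New certificate has expired" }
if ($new.NotAfter -le $old.NotAfter) { $problems += "New certificate does not extend the expiry date" }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning "Keep the old certificate until these are resolved."
} else {
    "New certificate expires $($new.NotAfter) and covers: " + [string]::Join(", ", $newServices)
    "Safe to run: Remove-ExchangeCertificate -Thumbprint `"$oldThumbprint`""
}
```

The script only reads certificate properties and prints the removal command; it does not remove anything itself.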
