Oltism.Com Nerdaliciousness + Informative solutions underway!

12Feb/103

Exchange Server 2007: Renewing the self-signed certificate

1 To renew the certificate for a server:

Get-ExchangeCertificate | fl

Note the services the certificate is enabled for (by default: POP, IMAP, IIS, SMTP on CAS + HT servers). Copy the thumbprint of the certificate.

Get a new certificate with a new expiration date:

Get-ExchangeCertificate -thumbprint "C5DD5B60949267AD624618D8492C4C5281FDD10F" | New-ExchangeCertificate

If the existing certificate is being used for SMTP, you will get the following prompt:

Type Y to continue. A new certificate is generated.

The new certificate is generated and enabled. Examine the new certificate:

Get-ExchangeCertificate -thumbprint "3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E" | fl

2 The old certificate is enabled for IIS, POP, IMAP and SMTP. The new certificate generated using the above command is enabled only for POP, IMAP and SMTP - IIS is missing.

To enable the certificate for IIS:

Enable-ExchangeCertificate -thumbprint "3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E" -services IIS

This enables the certificate for IIS (in addition to any other services it may already be enabled for - it adds to existing values of the services property).

Test services are working with the new certificate. If it works as expected, the old certificate can be removed:

Remove-ExchangeCertificate -thumbprint "C5DD5B60949267AD624618D8492C4C5281FDD10F"

Tagged as: , , , , 3 Comments
   

Tags

2003 2003 Server 2008 Server Antivirus AV Certificates ClamAV configure Corrupt Database Credential Manager Directory Browsing entertainment Exchange 2007 Free FTP geek Home Premium How To HP IIS 7 Info install Management Console mobile movie New flat Oltism.com PCTOOLS perdonal Procedure RDP Renewal Russian SBS snmp tech Terminal Licensing Server Thumbprint Uninstall video Virtual Directory Vista Win 7

Recent Posts

Admin

Blogroll

Archives