Renew a Self Signed Certificate on an Exchange Server 2007

TGH Featured Image Wordcloud

If you are using an Exchange system and have self signed certificates, every year you will have to renew the certificate. An expired certificate may cause problems such as connectivity to web services, SMTP transport and Outlook prompting certificate security warnings which is extremely annoying for users and also can cause problems with Out of Office settings.

To do this is very simple and can be done in minutes.

The following guide explains how to do this simple task.

First of all, you should check the current certificate to ensure that it has expired. To do this, logon to your Exchange server as an enterprise admin (usually a domain admin is not enough…), then start up the Exchange Management Shell (EMS).

In the EMS, type the following command:

 Get-ExchangeCertificate |FL  

This will then display the expiry status and also the date and time of when the certificate expires(d).

You should then make a note of the Thumbprint for this certificate as you will need it.

Once you have the thumbprint, type the following command:

 Get-ExchangeCertificate –Thumbprint “ENTERYOURCURRENTCERTIFICATETHUMBPRINTHERE” | New-ExchangeCertificate  

This will create a new certificate you will then be prompted to confirm if you want to overwrite the expired certificate, you should press Y to overwrite and continue.

You then need to run this command again:

 Get-ExchangeCertificate |FL  

You should take note of the new certificate thumbprint as we now need to enable the IIS services for it.

To do this, type the following command:

Enable-ExchangeCertificate –Thumbprint “ENTERYOURNEWCERTIFICATETHUMBPRINTHERE” –Services IIS  

Once you have done this, you should check the new certificate is working, usually firing up Outlook on a client machine will prove this.

Once you are happy the new certificate is working, you should remove the old certificate.

To do this, type the following command:


You can then close down the EMS, logout of your Exchange server and your certificate should be fine for another year.

One last thing to take note of, your users when they fire up Outlook, will need to install the newly created certificate when they are prompted to do so.

You might also like...

Leave us a message...

This site uses Akismet to reduce spam. Learn how your comment data is processed.