Renew a Self Signed Certificate on an Exchange Server 2007

If you run an Exchange system with self-signed certificates, you will have to renew the certificate every year. An expired certificate can break connectivity to web services and SMTP transport, and it makes Outlook prompt users with certificate security warnings, which is extremely annoying for them and can also cause problems with Out of Office settings.

Renewing the certificate is very simple and can be done in minutes.

The following guide explains how to do this simple task.

First of all, check the current certificate to confirm that it has expired. To do this, log on to your Exchange server as an enterprise admin (usually a domain admin is not enough…), then start the Exchange Management Shell (EMS).

In the EMS, type the following command:

Get-ExchangeCertificate | FL

This displays the expiry status and the date and time at which the certificate expires (or expired).

You should then make a note of the Thumbprint for this certificate as you will need it.

Once you have the thumbprint, type the following command:

Get-ExchangeCertificate -Thumbprint "ENTERYOURCURRENTCERTIFICATETHUMBPRINTHERE" | New-ExchangeCertificate

This will create a new certificate. You will then be prompted to confirm whether you want to overwrite the expired certificate; press Y to overwrite and continue.

You then need to run this command again:

Get-ExchangeCertificate | FL

You should take note of the new certificate thumbprint as we now need to enable the IIS services for it.

To do this, type the following command:

Enable-ExchangeCertificate -Thumbprint "ENTERYOURNEWCERTIFICATETHUMBPRINTHERE" -Services IIS

Once you have done this, check that the new certificate is working. Usually, firing up Outlook on a client machine will prove this.

Once you are happy the new certificate is working, you should remove the old certificate.

To do this, type the following command:


You can then close down the EMS, logout of your Exchange server and your certificate should be fine for another year.

One last thing to note: when your users fire up Outlook, they will need to install the newly created certificate when they are prompted to do so.
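The renewal steps above combined into one Exchange Management Shell function, as an added example that is not part of the original article. The function name `Renew-SelfSignedExchangeCertificate` and its parameter are hypothetical, and the removal step uses the `Remove-ExchangeCertificate` cmdlet as this example's own choice. It refuses to remove the old certificate until the new one is confirmed unexpired and enabled for IIS.

```powershell
# Added example, not from the original article. Run in the Exchange Management Shell.
# The function name and parameter name are hypothetical.
function Renew-SelfSignedExchangeCertificate {
    param([string]$OldThumbprint)

    if ([string]::IsNullOrEmpty($OldThumbprint)) {
        throw "Pass the thumbprint of the certificate to renew."
    }

    # Step 1: look up the current certificate and show when it expires.
    $old = Get-ExchangeCertificate -Thumbprint $OldThumbprint -ErrorAction SilentlyContinue
    if (-not $old) { throw "No certificate with thumbprint $OldThumbprint on this server." }
    Write-Host "Current: $($old.Subject) expires $($old.NotAfter)"

    # This procedure is for self-signed certificates only.
    if (-not $old.IsSelfSigned) { throw "Certificate is not self-signed; not renewing it here." }

    # Step 2: renew. Answer Y if prompted to overwrite the expired certificate.
    $new = $old | New-ExchangeCertificate
    if (-not $new -or $new.Thumbprint -eq $old.Thumbprint) {
        throw "Renewal did not produce a new certificate."
    }

    # Step 3: enable the new certificate for IIS.
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS

    # Step 4: re-read the new certificate and verify it before touching the old one.
    $check = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
    if ($check.NotAfter -le (Get-Date)) { throw "New certificate is already expired." }
    if ("$($check.Services)" -notmatch 'IIS') { throw "New certificate is not enabled for IIS." }
    Write-Host "New: $($check.Thumbprint) expires $($check.NotAfter), services: $($check.Services)"

    # Step 5: remove the old certificate. The cmdlet asks for confirmation;
    # test Outlook from a client machine first, then answer Y.
    Remove-ExchangeCertificate -Thumbprint $old.Thumbprint

    return $check.Thumbprint
}

# Usage (placeholder thumbprint, as in the article):
# Renew-SelfSignedExchangeCertificate -OldThumbprint "ENTERYOURCURRENTCERTIFICATETHUMBPRINTHERE"
```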

About A.J. Armstrong

Founder of TechyGeeksHome and Head Editor for over eight years! IT expert in multiple areas for over 21 years. Sharing experience and knowledge whenever possible! Making IT Happen.
