How To: Renew expired Exchange 2007 Certificate

If your Exchange Certificate expires after 1 year of duty, you’ll probably notice many unhappy faces trying to rip you apart every morning. Users will receive Certificate Warnings when opening Outlook or using Outlook Web Access.
In addition, you get the following events on the Exchange 2007 Server:

Log Name: Application
Source: MSExchangeTransport
Date: 4/14/2009 2:10:22 PM
Event ID: 12015
Task Category: TransportService
Level: Warning
Keywords: Classic
User: N/A
Computer: MSX2K7
Description:
An internal transport certificate expired. Thumbprint:A0F32351EC29C1451B43CF7438AA1A4E147EA54D

Here’s what you need to do (Step by step):

Open the Exchange 2007 Management Shell and type:

Get-ExchangeCertificate | List
To receive a List of Certificates installed

New-ExchangeCertificate
To create a new Exchange Certificate

Enable-ExchangeCertificate -Thumbprint 57540C16F16C941CCB761079A5FC3402F34A3F69 -Service IIS
To Enable the new Certificate on the IIS Service (You can see the Thumbprint of your newly created certificate after you execute the “New-ExchangeCertificate” command. Replace this Thumbprint above with your own)

Remove-ExchangeCertificate -Thumbprint A0F32351EC29C1451B43CF7438AA1A4E147EA54D
And finally remove the old Certificate from the store

6 responses to How To: Renew expired Exchange 2007 Certificate

Hey Dude, good question, but bad news I guess. The New-ExchangeCertificate cmdlet only supports these Parameters:
-BinaryEncoded
-Confirm [
]
-DomainController
-DomainName
-Force
-FriendlyName
-GenerateRequest
-IncludeAcceptedDomains

-IncludeAutoDiscover

-Instance
-KeySize
-Path
-PrivateKeyExportable < $true | $false>
-Services
-SubjectName
-WhatIf []

@Computer Support Guy

Leave a Reply