Renewing Internal Certificates –> The Easy Way
Internal certificates for Exchange expire. End of.
You need to be wary and keep an eye on your event logs (especially on Hub Transport or Edge role servers), looking for the following warning (Event ID 12018);
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date: 08/09/2008
Time: 12:24:15
User: N/A
Computer: SERVER
Description:
The STARTTLS certificate will expire soon: subject: SERVER.DOMAIN.LOCAL, hours remaining: A41370EEC5510BD5D5F3D1DB4A8D27846F045A2C. Run the New-ExchangeCertificate cmdlet to create a new certificate.
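Rather than waiting to spot the warning by eye, the check can be scripted. The following is an added example (not from the original post) for the Exchange Management Shell: it pulls any recent 12018 warnings from the Application log and lists every Exchange certificate that expires within an assumed 30-day window, along with the services it is enabled for, so you know what the replacement will need to carry.

```powershell
# Added example, not part of the original post. Run in the Exchange
# Management Shell on each Hub Transport / Edge server. The 30-day window
# and the 2000-entry search depth are assumed values; adjust to taste.
$daysAhead = 30

# 1. Any STARTTLS certificate-expiry warnings (Event ID 12018) logged recently?
Get-EventLog -LogName Application -Newest 2000 |
    Where-Object { $_.Source -eq 'MSExchangeTransport' -and $_.EventID -eq 12018 } |
    Select-Object TimeGenerated, MachineName, Message |
    Format-List

# 2. Which Exchange certificates are close to expiry, and what are they
#    enabled for? Note the Services column: the renewed certificate must
#    be enabled for the same set (POP, IMAP, IIS, SMTP by default).
Get-ExchangeCertificate |
    Where-Object { $_.NotAfter -lt (Get-Date).AddDays($daysAhead) } |
    Select-Object Thumbprint, Subject, Services, NotAfter |
    Format-Table -AutoSize
```

Run this on a schedule (or from a monitoring job) and the expiry is caught before the STARTTLS warning turns into a failed TLS handshake between Hub Transport servers.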
When you get these, it’s easy enough to fix.
Note the services the certificate is enabled for (by default: POP, IMAP, IIS, SMTP on CAS + HT servers). Copy the thumbprint of the certificate, and run the following;
If the certificate is SMTP enabled, you will get the following error message;
Select [Y] for Yes.
Checking the certificate again, you should find the new one installed with a new expiry date (and the old one too);
If you wish to use the Certificate for IIS also, type the following;
Ok, last bit. Test the certificates are working, then remove the old;
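The whole renewal, end to end, as an added example for the Exchange Management Shell (this is not the post's own command listing). It clones the expiring self-signed certificate into a new one, re-enables it for IIS, verifies the result, and only then removes the old certificate. The old thumbprint below is the one from the event log above; replace it with the thumbprint your own Get-ExchangeCertificate reports.

```powershell
# Added example, not part of the original post. The thumbprint is taken from
# the event log above and is a placeholder for the certificate you are renewing.
$oldThumb = 'A41370EEC5510BD5D5F3D1DB4A8D27846F045A2C'

# 1. Record what the old certificate is enabled for before changing anything,
#    so the new one can be enabled for exactly the same services.
$old = Get-ExchangeCertificate -Thumbprint $oldThumb
$old | Format-List Subject, Thumbprint, Services, NotAfter

# 2. Clone it into a new self-signed certificate with the same subject names.
#    If the old certificate is SMTP-enabled you are prompted to overwrite the
#    default SMTP certificate; answer Y.
$new = Get-ExchangeCertificate -Thumbprint $oldThumb | New-ExchangeCertificate

# 3. The clone is SMTP-enabled; add the other services the old one carried
#    (IIS here, as in the post; include POP/IMAP if the old one had them).
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS

# 4. Verify before removing anything: the new certificate should show the
#    expected services and a new NotAfter date, and the old one is still there.
Get-ExchangeCertificate |
    Format-Table Thumbprint, Services, NotAfter, Status -AutoSize

# 5. Only once mail flow and OWA have been confirmed against the new
#    certificate, remove the expiring one.
Remove-ExchangeCertificate -Thumbprint $oldThumb
```

Keeping the old certificate installed until step 5 is deliberate: if the new certificate turns out not to be enabled for a service, the old one is still available to re-enable while you sort it out.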
All done.