
How to renew self-signed certificates in Exchange 2007
This article covers a task we will have to perform in any Microsoft Exchange 2007 organization: the services offered by Exchange use certificates to secure connectivity, for both internal and external communication. Once Exchange Server 2007 is installed, the certificates it generates for each service last one year, so we have to renew them before they expire. We will notice the expiry through events in the Event Viewer, or directly because the affected service stops working.
The first thing is to find out which certificates are installed on each Exchange 2007 server by running 'Get-ExchangeCertificate' in the "Exchange Management Shell", optionally with a filter parameter such as 'Get-ExchangeCertificate -DomainName "Domain Name" | fl'. Other filters can be used to get more detail and to see, for example, the expiration date. In this case it is a certificate assigned to the SMTP service (S).
Next we generate a new certificate from the thumbprint of the old one that is to be replaced, with: 'Get-ExchangeCertificate -Thumbprint "HUELLA_DEL_CERTIFICADO_VIEJO" | New-ExchangeCertificate', where the placeholder is the thumbprint of the old certificate. The shell asks whether to replace the old certificate; we confirm.
Now we enable the newly generated certificate for the services we are interested in (SMTP, POP, IMAP, UM and IIS) with the command 'Enable-ExchangeCertificate -Thumbprint "HUELLA_DEL_CERTIFICADO_NUEVO" -Services [SERVICE],[SERVICE],[SERVICE…]', where the placeholder is the thumbprint of the new certificate.
Once the certificate is enabled, we check that everything is correct by listing the certificates again (using 'Get-ExchangeCertificate', with or without the filter used earlier). If the new certificate is associated with the same services as the old one and we have verified that everything works correctly (mail traffic in my case), we can delete the old certificate with 'Remove-ExchangeCertificate -Thumbprint "HUELLA_DEL_CERTIFICADO_VIEJO"'.
If we have an Edge Transport server, we will have to delete the current subscription between the Hub Transport server and the Edge Transport server. Finally, we recreate the subscription and start it.
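
The renewal steps above (list, renew, enable, verify), collected into one script as an added example that is not part of the original article. It is meant to be saved as a script file and run from the Exchange Management Shell on the Exchange 2007 server; the $WarnDays parameter and its 30-day default are assumptions. It deliberately only prints the removal command, since the old certificate should be deleted after the services have been checked by hand.

```powershell
# Added example, not from the original article.
# $WarnDays is an assumed threshold for "about to expire".
param([int]$WarnDays = 30)

$limit = (Get-Date).AddDays($WarnDays)

# Step 1: self-signed certificates that expire within the window.
$expiring = @(Get-ExchangeCertificate | Where-Object {
    $_.IsSelfSigned -and $_.NotAfter -lt $limit
})

if ($expiring.Count -eq 0) {
    Write-Host "No self-signed certificate expires before $limit"
    return
}

foreach ($old in $expiring) {
    Write-Host "Renewing $($old.Thumbprint) (services: $($old.Services), expires: $($old.NotAfter))"

    # Step 2: create the new certificate from the old one.
    # Exchange asks for confirmation before replacing the default SMTP certificate.
    $new = Get-ExchangeCertificate -Thumbprint $old.Thumbprint | New-ExchangeCertificate
    if (-not $new) {
        Write-Warning "No new certificate was created for $($old.Thumbprint); skipping."
        continue
    }

    # Step 3: enable the new certificate for the services the old one carried.
    if ([int]$old.Services -ne 0) {
        Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $old.Services
    }

    # Step 4: re-read the new certificate and compare it with the old one.
    $check   = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
    $wanted  = [int]$old.Services
    $covered = (([int]$check.Services) -band $wanted) -eq $wanted

    if ($covered -and $check.NotAfter -gt $old.NotAfter) {
        Write-Host "New certificate $($check.Thumbprint) is valid until $($check.NotAfter)."
        Write-Host "After confirming the services work, remove the old one with:"
        Write-Host "  Remove-ExchangeCertificate -Thumbprint $($old.Thumbprint)"
    }
    else {
        Write-Warning "New certificate $($new.Thumbprint) does not cover the old services; keep the old certificate."
    }
}
```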