Tuesday 8 June 2010

Microsoft Exchange 2007 certificate expiry

Microsoft Exchange 2007 certificate expiry, Error in Windows Application logs


The STARTTLS certificate will expire soon: subject: exchserv.local, hours remaining:

This will occur if you are relying on the default certificates, you will need to update yearly.

On the exchange server 2007 which need new certificate, to see current certificate

Get-ExchangeCertificate | List

You will need to make a note of the services, IMAP, POP, IIS and SMTP

Now to add a new certificate

New-ExchangeCertificate

You will see the expiry date and various options, say yes to all

Now check the new certificate

Get-ExchangeCertificate | List

And make sure all services are included; in my case IIS service never loads the new certificate, so you need to add the new certificate to the missing IIS service.

Get the Thumbprint value from the new certificate. “Get-ExchangeCertificate |
List

Enable-ExchangeCertificate –Thumbprint 67666866126376newone -Service IIS

Now remove the old certificate

Remove-ExchangeCertificate –Thumbprint 26556556565657565675oldvalue

When you “Get-ExchangeCertificate | List” you should have the new certificate with the original services.

You can always buy a certificate, which will last longer than a year.

No comments:

Post a Comment