Renew an Exchange 2010 Certificate with EMC and PowerShell

You can use the Renew Exchange Certificate wizard to renew an existing Exchange Secure Sockets Layer (SSL) certificate.

Prerequisites
The Client Access server role has been installed and at least one certificate is installed on your Client Access server.

This is what you can do:

  • Use the Exchange Management Console (EMC) to renew an Exchange certificate
  • Use the Shell to renew an Exchange certificate

Use the EMC to renew an Exchange certificate

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the “Client Access server security settings” entry in the Client Access Permissions topic.

  1. In the console tree, click Server Configuration.
  2. Select the server that contains the certificate, and then select the certificate you want to renew.
  3. In the action pane, click Renew Exchange Certificate.
  4. On the Renew Exchange Certificate page, select the services you want to assign to the renewed certificate. The services that are checked are currently assigned to the certificate.
  5. When you click Assign, the Progress page will confirm your selections and try to renew the certificate.
  6. Click Yes to overwrite the existing certificate with the renewed certificate.
  7. The Completion page will display the status of the request in addition to the syntax of the cmdlet needed to renew the certificate.

Use the Shell to renew an Exchange certificate

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the “Client Access server security settings” entry in the Client Access Permissions topic.

This example renews the self-signed Exchange certificate by using its thumbprint to identify the certificate.

Get-ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

This example generates a request to renew a certificate issued by a certification authority.

Get-ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate -GenerateRequest -PrivateKeyExportable $true

To find the thumbprint value of the certificate that you want to renew, run the following command:

Get-ExchangeCertificate | where {$_.Status -eq "Valid" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,NotBefore,NotAfter

For detailed syntax and parameter information, see New-ExchangeCertificate.

Note: After you generate a certificate request, you must submit it to a certification authority, obtain a signed certificate and install the certificate on the same server. For details, see Obtain a Server Certificate from a Certification Authority and Install an SSL Certificate on a Client Access Server.
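
The Shell steps above and the install step from the note, put together as an added example (not part of the original post). The function names, the paths under C:\Certs and the 30-day window are assumptions; the thumbprint is the one used in the examples above.

```powershell
# Added example: run in the Exchange Management Shell on the server that holds
# the certificate. Function names, file paths and the 30-day window are assumptions.

# List CA-issued certificates that expire within $Days days.
function Get-ExpiringExchangeCertificate {
    param([int]$Days = 30)
    $cutoff = (Get-Date).AddDays($Days)
    Get-ExchangeCertificate | Where-Object {
        $_.Status -eq 'Valid' -and -not $_.IsSelfSigned -and $_.NotAfter -lt $cutoff
    }
}

# Generate the renewal request and save it for submission to the CA.
# The page's example passes -PrivateKeyExportable $true; $false is used here so
# the new private key is marked non-exportable. Use $true only if the
# certificate has to be copied to other servers.
function New-RenewalRequest {
    param([string]$Thumbprint, [string]$RequestPath)
    $request = Get-ExchangeCertificate -Thumbprint $Thumbprint |
        New-ExchangeCertificate -GenerateRequest -PrivateKeyExportable $false
    Set-Content -Path $RequestPath -Value $request
}

# After the CA returns the signed certificate: import it on the same server,
# give it the services of the old certificate, and show the result.
function Complete-Renewal {
    param([string]$OldThumbprint, [string]$CerPath)
    $old   = Get-ExchangeCertificate -Thumbprint $OldThumbprint
    $bytes = [Byte[]]$(Get-Content -Path $CerPath -Encoding Byte -ReadCount 0)
    $new   = Import-ExchangeCertificate -FileData $bytes
    if ("$($old.Services)" -ne 'None') {
        Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $old.Services
    }
    Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
        Format-List Subject, Status, Services, NotAfter, HasPrivateKey
}

Get-ExpiringExchangeCertificate |
    Format-List FriendlyName, Subject, Thumbprint, NotAfter, Services
New-RenewalRequest -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' -RequestPath 'C:\Certs\renewal.req'

# Run once the CA's reply has been saved as C:\Certs\renewed.cer:
# Complete-Renewal -OldThumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' -CerPath 'C:\Certs\renewed.cer'
```

The final Format-List should show HasPrivateKey as True and the same services as the old certificate; if HasPrivateKey is False, the reply was imported on a server other than the one that generated the request.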

 
