Renewing a self-signed certicate in Exchange 2007

While I was looking in the event logs of one of my Exchange 2007 Hub Transport Servers this morning I noticed the following warning message:


This is because Exchange 2007 issues a self-signed certificate for use with services like SMTP,IMAP,POP,IIS and UM and these certificates have validity period of 1 year.

To renew the certificate, open the Exchange Management Shell on the server in question and run the following powershell command:

Get-ExchangeCertificate -domain “fqdn of server”  | fl

Copy the thumbprint of the certificate which is displayed and then to renew the certificate run

Get-ExchangeCertificate -thumbprint “thumbprint” | New-ExchangeCertificate

When prompted enter y to continue, the new certificate is then generated and enabled.


Tags: ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: