How to Renew an Exchange 2010 Certificate that is Self-Signed or Issued by a Local Certificate Authority and Clean up Old Certificates

Open the Exchange 2010 Management Console on the Exchange server.

Exchange Server Management Console

Expand the menu tree in the left pane and select Server Configuration.

Exchange Server Configuration

Select the Server needing the certificate in the server configuration pane. For the purposes of this demo, we are selecting the server named Exchange02. As you can see there are a lot of certificates that are expired and a lot of cleanup that we will also be doing.

Exchange Server Certificates

We’re going to start with renewing the self-signed certificate.

Renew self signed certificate

Double click on the certificate or select it and choose Properties from the far-right-hand pane.

Go to the Details tab and select Thumbprint from the top pane.

Copy the Thumbprint Value from the lower pane.

Certificate Thumbprint Value

Open an Administrative Exchange Management Shell PowerShell window and run the following command:

Get-ExchangeCertificate -Thumbprint ‘<value that was copied from the certificate thumbprint in the previous step above>’ | New-ExchangeCertificate

Exchange Certificate PowerShell Command

Since we also have a certificate issued by a public certificate authority, we get a prompt to overwrite the existing default SMTP certificate. We do not want this, so enter N for no and press enter.

Now if we go back to the Exchange Management Console, And click refresh in the right pane, we will see our new valid self-signed certificate.

Valid Self-Signed Certificate in Exchange

We can now delete the expired self-signed Exchange certificate.

Lucas Guth, PEI

Leave a Reply

PEI logo

GET EXCLUSIVE ACCESS!

Get the latest tech industry news and trends, event notifications, special offers, and access to our free video resource library!

You have Successfully Subscribed!