Open the Exchange 2010 Management Console on the Exchange server.
Expand the menu tree in the left pane and select Server Configuration.
Select the Server needing the certificate in the server configuration pane. For the purposes of this demo, we are selecting the server named Exchange02. As you can see there are a lot of certificates that are expired and a lot of cleanup that we will also be doing.
We’re going to start with renewing the self-signed certificate.
Double click on the certificate or select it and choose Properties from the far-right-hand pane.
Go to the Details tab and select Thumbprint from the top pane.
Copy the Thumbprint Value from the lower pane.
Open an Administrative Exchange Management Shell PowerShell window and run the following command:
Get-ExchangeCertificate -Thumbprint ‘<value that was copied from the certificate thumbprint in the previous step above>’ | New-ExchangeCertificate
Since we also have a certificate issued by a public certificate authority, we get a prompt to overwrite the existing default SMTP certificate. We do not want this, so enter N for no and press enter.
Now if we go back to the Exchange Management Console, And click refresh in the right pane, we will see our new valid self-signed certificate.
We can now delete the expired self-signed Exchange certificate.
Lucas Guth, PEI