How to … Renew Certificates in Exchange Server 2010

Share this:

In Today’s post we are going over the process to renew a Certificate in Exchange Server 2010.

For this blog post I’m going to use Digicert and you can use the same link during the renew process.

Before starting the process I would like to go over a few key points that may help you during your renew process:

  • You should renew before the due date of the certificate. Let’s say that your certificate is going to expire 1 month from now, you can start renewing your servers in your pace before the due date without any issues;
  • In a multiple server environment, you can have servers using the old certificate and the renewed one without any issues
  • You are deploying a new certificate as result of this blog post, so make sure that you check the Intermediate and Certificate Chain of the new certificate
  • If you receive a red icon when adding your new certificate, then you need to work on the intermediate CAs to make sure that certificate is valid before assigning services to it
  • If you are using SCOM probably you will be informed that your certificate is about to expire. That is a good indication to start preparing your renew process.

Step 01:  Identifying your current certificates…

Using Exchange Management Console, we can click on Server Configuration and after selecting the desired server all certificates will be listed.

image

Step 02: Renewing the Certificate

Let’s right click on the certificate that is about to expire and then click on Renew Exchange Certificate..

image

In the Renew Exchange Certificate page. Define a file that will contain the renew request (.req extension) and click on Renew.

image
In the Completion page. We will have a summary of the cmdlet that will be used to renew the certificate, let’s click on Finish.

image

As result of that new request a new entry will be listed and on the Status column we will see This is a pending certificate signing request.

image

Step 03: Completing the request

Now that we have a new request we need to follow these basic steps, as follows:

  1. Log  on Digicert web page (of any other Public CA that you have)
  2. Click on Renew  in your existent certificate
  3. In the second step of the wizard make sure that you select the option that you have a CSR and on the new dialog box select which version of Exchange Server you are using (in our post Today is Exchange Server 2010) and then paste the content of the CSR generated in the previous step

image

The new request will be submitted and you will receive in your e-mail (or the administrator e-mail) the new certificate confirmation. Download that file and extract on the Exchange Server where we created the new request (Step 01 and Step 02).

Step 04: Completing the Renew process

Now that we have the new cert, let’s right click on the pending request and let’s click on Complete pending request…

image

In the Introduction page. Click Browse and select the .cert file that was provided by your Public Key Certification Authority (in our case Digicert) and click Complete. In the Completion page.

image

In the Completion page. Just click on Finish.

image

Step 05: Assigning services to the renewed certificate

Finally, the last step of our journey to renew a certificate. Now that the certificate shows on the list, we can right click on it and then select Assign services to Certificate…

image

In the Select Services. Make sure that you select at least the same services that you had in the previous certificate and finish the wizard.

 

After that you can access the services of Exchange and the certificate should be the new one (just check the validation of the certificate). A good test is to open Outlook Web App and check the initial page of the certificate properties (the figure below if from Office365 Smile)

image

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).

Related Post

Retrieving ActiveSync Logs: Using Outlook Web App Good morning my friends (long time no see, after a couple of days in holidays I’m back!) In Today’s post we are going to check it out the ActiveSync ...
How to … avoid Outlook Certificate issues when add... When adding a new Exchange server to the organization the administrator may receive some complaining  from the Service Desk where end-users are receiv...
Rollup Update for Exchange Server 2007/2010 and Se... Exchange Team has just released Rollup Updates for Exchange Server 2007/2010 and Security Updates for Exchange Server 2013. Update Rollup 2 For Exch...
Releasing a mailbox from Exchange Server 2010 Quar... In this Tutorial we are going over the process to identify and remove a mailbox from the quarantine, in Exchange Server 2010 a mailbox can be quaranti...