Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2011-12-13

You can use the Renew Exchange Certificate wizard to renew an existing Exchange Secure Sockets Layer (SSL) certificate.

Prerequisites

The Client Access server role has been installed and at least one certificate is installed on your Client Access server.

What Do You Want to Do?

Use the EMC to renew an Exchange certificate

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Client Access server security settings" entry in the Client Access Permissions topic.

  1. In the console tree, click Server Configuration.

  2. Select the server that contains the certificate, and then select the certificate you want to renew.

  3. In the action pane, click Renew Exchange Certificate.

  4. On the Renew Exchange Certificate page, select the services you want to assign to the renewed certificate. The services that are checked are currently assigned to the certificate.

  5. When you click Assign, the Progress page will confirm your selections and try to renew the certificate.

  6. Click Yes to overwrite the existing certificate with the renewed certificate.

  7. The Completion page will display the status of the request in addition to the syntax of the cmdlet needed to renew the certificate.

Use the Shell to renew an Exchange certificate

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Client Access server security settings" entry in the Client Access Permissions topic.

This example renews the self-signed Exchange certificate by using its thumbprint to identify the certificate.

Copy Code
Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

This example generates a request to renew a certificate issued by a certification authority.

Copy Code
Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate -GenerateRequest -PrivateKeyExportable $true

For detailed syntax and parameter information, see New-ExchangeCertificate.

Note:
After you generate a certificate request, you must submit it to a certification authority, obtain a signed certificate and install the certificate on the same server. For details, see Obtain a Server Certificate from a Certification Authority and Install an SSL Certificate on a Client Access Server.