Renewing an Expired Certificate in Exchange 2007

Posted by Robert Chipperfield in Exchange, Exchange 2007, Outlook on 18-02-2010


Continuing on a theme of how to fix those niggly little problems in Exchange Server, today it’s the turn of this error when starting Outlook:

The cause? An SSL certificate that expired some time last year – the default Exchange self-signed certificate seems to have a default validity of a year, after which you get the warning above when starting Outlook.

The solution turns out to be very simple. In Exchange Management Console, grab a list of your certificates with the “Get-ExchangeCertificate” cmdlet:

You can then view further details by piping the output into the list formatter:

Once you’ve done that, you can renew the certificate. Create a new one by running the following cmdlet ({Thumbprint} is the Thumbprint listed in the details above, or can be ignored if you’ve only got one certificate to start with):

Get-ExchangeCertificate {Thumbprint} | New-ExchangeCertificate

The new certificate will now exist (check with Get-ExchangeCertificate) and will have a new Thumbprint. Now you just need to enable it for IIS’s use:

Enable-ExchangeCertificate -Thumbprint {Thumbprint} -Services "IIS"

You should now see a “W” listed in the services column for that certificate if you run Get-ExchangeCertificate:

Finally, if you wish, you can use Remove-ExchangeCertificate to remove the old one.

Restart Outlook, and it should be happy again!
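
The steps above combined into one Exchange Management Shell script, added here as an example and not part of the original post. It renews self-signed certificates bound to IIS that have expired or will expire soon, enables each replacement for IIS, and confirms the result before listing the old thumbprint for removal. The 30-day window in `$WarnDays` is an assumed value.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
# $WarnDays is an assumed threshold, not a value from the article.
$WarnDays = 30
$cutoff   = (Get-Date).AddDays($WarnDays)

# Self-signed certificates bound to IIS that have expired or expire within the window.
# @() keeps the result an array even when one or zero certificates match.
$stale = @(Get-ExchangeCertificate | Where-Object {
    $_.IsSelfSigned -and ($_.Services -match 'IIS') -and ($_.NotAfter -lt $cutoff)
})

foreach ($old in $stale) {
    Write-Host ("Renewing {0} (expires {1})" -f $old.Thumbprint, $old.NotAfter)

    # Same renewal the article uses: the old certificate is piped into New-ExchangeCertificate.
    $new = Get-ExchangeCertificate -Thumbprint $old.Thumbprint | New-ExchangeCertificate

    # Bind the new certificate to IIS, then re-read it to confirm the binding took.
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services "IIS"
    $check = Get-ExchangeCertificate -Thumbprint $new.Thumbprint

    if (($check.Services -match 'IIS') -and ($check.NotAfter -gt (Get-Date))) {
        Write-Host ("OK: {0} serves IIS until {1}" -f $check.Thumbprint, $check.NotAfter)
        # Removal stays a manual step, done after Outlook clients have been checked.
        Write-Host ("Old certificate to remove later: {0}" -f $old.Thumbprint)
    } else {
        Write-Warning ("New certificate {0} is not active for IIS; leave {1} in place" -f $new.Thumbprint, $old.Thumbprint)
    }
}
```

Once Outlook connects without the warning, pass the printed old thumbprint to Remove-ExchangeCertificate.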
