Exchange 2007 – Renewing self signed SSL

If your running Exchange 2007 and you don’t really have the need for an SSL that’s issued by a valid CA, then you can just renew the self signed one that’s automatically generated on server build.  Most devices are happy to connect to an unsigned SSL once an exceptions been made, but they may well require a valid date.

Open up Exchange powershell:

Get-ExchangeCertificate -DomainName

It should be obvious which certificate is the current one. To duplicate this into a renewed cert, grab the thumbprint and do:

Get-ExchangeCertificate -Thumbprint [thumbprint of old ssl] | New-ExchangeCertificate

Then to make it live:
Enable-ExchangeCertificate -Thumbprint [thumbprint of new ssl] -Service IIS

You can check the current cert details using:
Get-ExchangeCertificate | List

You can leave a response, or trackback from your own site.

Leave a Reply