Dave Stone
asked on
Exchange 2007 Renew Certificates
Hello,
I have a question about renewing certificates on Exchange 2007. I am getting warnings in the application event logs. It is Event ID 12018. It states the STARTTLS certificate will expire soon and to run the New-ExchangeCertificate cmdlet. I did this and copied the thumbprint to IIS and thought I was all set. However, going over the before and after output for the certificates I notice my old certificate has the Issuer being Go Daddy Secure Certificate Authority. Do I need to contact them and get a new certificate to replace the one I just generated? Any help with this would be great.
I have attached a file that contains screen prints of the before and after.
Thank you,
Dave
Exchange-Cert.pdf
I have a question about renewing certificates on Exchange 2007. I am getting warnings in the application event logs. It is Event ID 12018. It states the STARTTLS certificate will expire soon and to run the New-ExchangeCertificate cmdlet. I did this and copied the thumbprint to IIS and thought I was all set. However, going over the before and after output for the certificates I notice my old certificate has the Issuer being Go Daddy Secure Certificate Authority. Do I need to contact them and get a new certificate to replace the one I just generated? Any help with this would be great.
I have attached a file that contains screen prints of the before and after.
Thank you,
Dave
Exchange-Cert.pdf
With Exchange you now need to have two certificates.
A trusted commercial certificate from GoDaddy (or another trusted provider) and a self signed certificate.
The self signed certificate is used by Exchange internally for email transport. To replace that one, in EMS, run new-exchangecertificate - no other options or switches required. When you are prompted to replace the default SMTP certificate, say yes.
Is your GoDaddy certificate up for renewal? If not then you can leave that one alone, just ensure that it is enabled for the correct services.
You can see what is happening with
get-exchangecertificate
If the services are wrong, then use set-exchangecertificate -thumbprint XXXXX -services iis, imap, pop
to change it.
Simon.
A trusted commercial certificate from GoDaddy (or another trusted provider) and a self signed certificate.
The self signed certificate is used by Exchange internally for email transport. To replace that one, in EMS, run new-exchangecertificate - no other options or switches required. When you are prompted to replace the default SMTP certificate, say yes.
Is your GoDaddy certificate up for renewal? If not then you can leave that one alone, just ensure that it is enabled for the correct services.
You can see what is happening with
get-exchangecertificate
If the services are wrong, then use set-exchangecertificate -thumbprint XXXXX -services iis, imap, pop
to change it.
Simon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER