I have two Exchange 2007 servers that are coming up on their one-year anniversary. Both are now logging events that their certificates will expire soon. I have read a great deal of the documentation but I am still unclear on the correct steps for renewing the certs. Here are the details:
1) Edge server that has a self-signed cert for SMTP TLS communication. Some say renewing is as easy as
"get-exchangecertificate -thumbprint [oldcertsthumbprint] | new-exchangecertificate -services smtp"
"enable-exchangecertificate -thumbprint [newcertsthumbprint]"
With no other steps needed.
Others say I need to re-subscribe the Edge to the organization and restart the EdgeSync service after I have done the steps above.
What is correct?
2) Hub/CAS server that has a trusted third-party CA cert that was installed in IIS before Exchange was installed and a self-signed cert that was created by the install. Both are up for renewal. After I installed Exchange I had to enable SMTP on the CA cert and everything worked fine. Most documentation says I need to generate a new CA cert request using new-exchangecertificate with the -generaterequest switch. But I don't want a new CA one. I want to renew the CA one I have. I saw in the msexchangeteam blog that I can renew using the IIS manager, but other places say don't use the MMC for Exchange certs or they won't work. Is that just a warning because you would have to enable the services for the cert? Can I renew in IIS and then enable the SMTP, IMAP, POP services on the cert using the cmdlets? Also, if I do not renew the self-signed one, will internal hub-to-edge communication still work?