Solved

Exchange 2007: Certificate Renewal

Posted on 2008-10-13
10
9,311 Views
Last Modified: 2012-05-05
My Exchange 2007 certificate is due to expire in about a month and this will be the first time I have renewed it. Can someone give me some detailed instructions on how to do it? I am trying to avoid any mistakes on my end thus eliminating any unecessary downtime. Thanks.
0
Comment
Question by:rbichon
10 Comments
 
LVL 5

Expert Comment

by:NutrientMS
ID: 22706180
0
 
LVL 5

Expert Comment

by:ccns
ID: 22706190
have a look here, has alot of information re exchange cetificates
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22707748
is this a selfc assigned or from an external CA? like verisign or thawte?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:rbichon
ID: 22710989
It is an external CA from Comodo.
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22711101
just go ahead an apply for the renewed cert from Comodo. please advise what format you get the cert in or if it is just encrypted text.

then i can help you import it in to IIS without you having to worry about any downtime.
0
 
LVL 1

Author Comment

by:rbichon
ID: 22711224
This is the command I used when inserting the first certificate:
Import-ExchangeCertificate -Path C:\cert.crt | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
Once I get the new certificate, do I just run the same command? After I get it installed, should I remove the first certificate? Is there anything special that I need to do to make sure the new certificate is being used?
0
 
LVL 11

Accepted Solution

by:
Bertling earned 500 total points
ID: 22711622
yes run that command,

then use Get-ExchangeCertificate to check their service type status

then use Remove-ExchangeCertificate to remove the old certs

hope it all works out
0
 
LVL 1

Author Comment

by:rbichon
ID: 22712134
I got the request in for a new cert. Once it comes in I will post back. Thanks for your help.
0
 
LVL 1

Author Comment

by:rbichon
ID: 22720913
Using the Get-ExchangeCertificate command turned out to be an absolutely crucial step. After installing the cert I ran that command and found that the cert was not being used for SMTP or IIS. I used Enable-ExchangeCertificate to enable both of those services on the new cert before removing the other certs. If I hadn't done that first, several Exchange services would have been affected and I would have had no idea why. Thanks!
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22720939
no probs! thanks for the feedback
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video discusses moving either the default database or any database to a new volume.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question