Exchange Certificates - How do I know which certificate needs to be renewed?

Hello masters,

On my server I checked the certificates with the command Get-ExchangeCertificate and I got several certificates. But I'm not sure which certificate I need to renew, because there are two with the same name.
I need to renew it because when I open MS Outlook the following message appears: (The Security certificate has Expired or is not yet valid)
Please check the .xlsx file Certificates - Thumbprint.
Can you help me, please?


Thank you
Marcio Santos
 Certificates.xlsx
ms_ps2004 Asked:
Glen Knight Commented:
The tool will do everything for you, there is no need to do anything else.
0
 
Glen Knight Commented:
From the Exchange Management Console run:

Get-ExchangeCertificate | fl IsSelfSigned, Subject, NotAfter, Thumbprint

The NotAfter field is the expiration date.
0
 
Akhater Commented:
Open your MMC:

Start -> Run -> mmc -> Add/Remove Snap-ins -> Certificates -> computer certificates


Check the Personal store and see the expiry dates; any one that has expired you can delete.
0
 
ms_ps2004 Author Commented:
Thank you for the support, demazter / Akhater.

I executed the command and I got the following results; please see the attached file.

Thank you
Get-ExchangeCertificate2.docx
0
 
Akhater Commented:
You have quite a few expired; however, to answer more accurately you need to run

Get-ExchangeCertificate | fl Subject, NotAfter, Thumbprint, Services

Check which one is assigned to the IIS service; this is the one you want to renew.
0
 
ms_ps2004 Author Commented:
Sorry for the delayed response, folks.

I ran the commands and checked all the certificates, but I still do not know which one I have to upgrade.

Please could you help me?

Thanks.
Marcio Santos
0
 
Glen Knight Commented:
Can you post the output of:

Get-ExchangeCertificate | fl Subject, NotAfter, Thumbprint, Services
0
 
ms_ps2004 Author Commented:
[PS] C:\>Get-ExchangeCertificate | fl Subject, NotAfter, ThumbPrint, Services


Subject    : CN=spo2k3mx01, DC=unifi, DC=br
NotAfter   : 24/3/2012 01:21:51
Thumbprint : 3BF07F76F94033DA5C316794F0DA0B7532FE5F29
Services   : None

Subject    : CN=alf2k3mx03, DC=unifi, DC=br
NotAfter   : 4/1/2012 20:58:33
Thumbprint : 97D957221B12FB77227771962B1FD32D4DE8DB74
Services   : None

Subject    : CN=spo2k3mx01, DC=unifi, DC=br
NotAfter   : 4/1/2016 11:44:20
Thumbprint : D75F533C328511335C2C5065EDA3A6E8DA86DAB6
Services   : None

Subject    : CN=spo2k3mx01.unifi.br
NotAfter   : 2/3/2011 17:45:32
Thumbprint : 18763C51E9B23A3FAA12A0B2F3CCC3AEF2BAC08A
Services   : IIS, SMTP

Subject    : CN=Unifi.br, O=Unifi, DC=Unifi, DC=br
NotAfter   : 16/2/2011 13:36:28
Thumbprint : B10763803A3F3C2A3A633A5E51C6CFB5B7A221E4
Services   : IMAP, POP

Subject    : CN=spo2k3mx01.unifi.br
NotAfter   : 30/12/2009 19:02:11
Thumbprint : 8E1D3A32009DCD3D3B5759FD1BB1AAEF9699C081
Services   : SMTP

Subject    : CN=spo2k3mx01
NotAfter   : 19/12/2010 13:54:20
Thumbprint : 0514B9BE28988B3DA5906D34A9CD6DCF154746B4
Services   : None

Subject    : CN=spo2k3mx01, DC=unifi, DC=br
NotAfter   : 4/1/2016 11:43:20
Thumbprint : 05263E0FE5335B538659DE8628FE12E8C4EB8B03
Services   : SMTP

Subject    : CN=spo2k3mx01, DC=unifi, DC=br
NotAfter   : 19/12/2013 14:01:56
Thumbprint : 49CBA4A430D23C0C8D9C683A3768D5252B24FB2A
Services   : SMTP

Subject    : CN=webmail.unifi.com.br, OU=Tecnologia, O=Unifi do Brasil Ltda., L=Sao Paulo, S=SP, C=BR
NotAfter   : 6/2/2012 20:59:59
Thumbprint : B58C1F3530159D662C0CCB992194CA53D6BD0EBD
Services   : IIS

Subject    : CN=webmail.unifi.com.br, OU=Tecnologia, O=Unifi do Brasil Ltda., L=Sao Paulo, S=SP, C=BR
NotAfter   : 2/12/2009 20:32:34
Thumbprint : 1F951364330D57E58FC03FAAB91F040C0B8C17BA
Services   : None

Subject    : CN=spo2k3mx01
NotAfter   : 1/12/2009 11:55:07
Thumbprint : 77579B5E11DC033D4EB44C67D4E1B5EB677DC5EB
Services   : SMTP

Subject    : CN=spo2k3mx01
NotAfter   : 1/12/2009 11:41:14
Thumbprint : AE3E5403DF5D14C8D987626418D461E8EEAE7BF2
Services   : None
0
 
Glen Knight Commented:
You have 2 certificates being used by IIS, one that expires 6/2/2012 and the other that expired 2/3/2011, which is a self-signed one.
Which are you trying to renew?
0
 
ms_ps2004 Author Commented:
When I check the message in my Outlook, it's 2/03/2011 spo2k3mx01.unifi.br.

I am afraid of renewing the wrong certificate and stopping the sending of messages.

I believe that this certificate is internal, but I don't know if this certificate works with other services.

Thank you very much

0
 
Glen Knight Commented:
That is this one:

Subject    : CN=spo2k3mx01.unifi.br
NotAfter   : 2/3/2011 17:45:32
Thumbprint : 18763C51E9B23A3FAA12A0B2F3CCC3AEF2BAC08A
Services   : IIS, SMTP


But you also have this one:

Subject    : CN=webmail.unifi.com.br, OU=Tecnologia, O=Unifi do Brasil Ltda., L=Sao Paulo, S=SP, C=BR
NotAfter   : 6/2/2012 20:59:59
Thumbprint : B58C1F3530159D662C0CCB992194CA53D6BD0EBD
Services   : IIS

Which is servicing IIS and still valid.
0
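
The selection the answers above arrive at (a certificate that has expired and is still assigned to a service), as an added example that is not part of the original thread: it parses a listing in the `fl Subject, NotAfter, Thumbprint, Services` layout and returns the renewal candidates. The function names, host names, thumbprints and reference date are constructed for illustration, and the day/month date format is assumed from the posted output.

```powershell
# Constructed sample in the layout of "Get-ExchangeCertificate | fl Subject, NotAfter,
# Thumbprint, Services"; host names and thumbprints are placeholders.
$sample = @'
Subject    : CN=mail01.example.test
NotAfter   : 2/3/2011 17:45:32
Thumbprint : AAAA000000000000000000000000000000000001
Services   : IIS, SMTP

Subject    : CN=webmail.example.test, O=Example
NotAfter   : 6/2/2012 20:59:59
Thumbprint : AAAA000000000000000000000000000000000002
Services   : IIS

Subject    : CN=mail01.example.test
NotAfter   : 30/12/2009 19:02:11
Thumbprint : AAAA000000000000000000000000000000000003
Services   : None
'@

# Hypothetical helper: turn the pasted listing into objects with a real DateTime.
function ConvertFrom-CertListing {
    param([string]$Text, [string]$DateFormat = 'd/M/yyyy H:mm:ss')
    $inv = [Globalization.CultureInfo]::InvariantCulture
    foreach ($block in ($Text -split '(?:\r?\n){2,}')) {
        $props = @{}
        foreach ($line in ($block -split '\r?\n')) {
            # Split on the first colon only; NotAfter values contain colons too.
            $name, $value = $line -split '\s*:\s*', 2
            if ($value) { $props[$name.Trim()] = $value.Trim() }
        }
        if (-not $props.ContainsKey('NotAfter')) { continue }
        New-Object PSObject -Property @{
            Subject    = $props['Subject']
            NotAfter   = [datetime]::ParseExact($props['NotAfter'], $DateFormat, $inv)
            Thumbprint = $props['Thumbprint']
            Services   = $props['Services']
        }
    }
}

# Hypothetical helper: expired as of $AsOf and still bound to at least one service.
function Get-RenewalCandidate {
    param($Certs, [datetime]$AsOf = (Get-Date))
    $Certs | Where-Object { $_.NotAfter -lt $AsOf -and $_.Services -ne 'None' } |
        Sort-Object NotAfter -Descending
}

$certs = ConvertFrom-CertListing -Text $sample
Get-RenewalCandidate -Certs $certs -AsOf ([datetime]'2011-04-01') |
    Format-List Subject, NotAfter, Thumbprint, Services
```

With the constructed reference date, only the first entry is returned: the second is still valid and the third has no service assigned, even though it shares a subject with the first.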
 
ms_ps2004 Author Commented:
I checked IIS and I see the following structure:
Application Pools
Web Sites
Web Services Extensions

Under Web Sites there are "Default Web Site" and "External".

Default Web Site has the expired certificate (spo2k3mx01.unifi.br) on all objects (Autodiscover, OWA).

External has the OK certificate (webmail.unifi.com.br).

I need to renew spo2k3mx01.unifi.br and install it in IIS.

0
 
Glen Knight Commented:
I would suggest taking a look at this utility in my blog here: http://demazter.wordpress.com/2010/06/15/exchange-2007-ssl-certificates/

It's for managing certificates, and it will help you to renew the self-signed certificate you have now.
0
 
ms_ps2004 Author Commented:
In Event Viewer the following messages appear:

Event ID 12016

There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of spo2k3mx01.unifi.br. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of spo2k3mx01.unifi.br should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

Event Id 12015
An internal transport certificate expired. Thumbprint:18763C51E9B23A3FAA12A0B2F3CCC2AEF2BAC08A



0
 
ms_ps2004 Author Commented:
Don't worry about the different number in the thumbprint.

Thank you
0
 
Glen Knight Commented:
Please see comment ID: http:#35341664
0
 
ms_ps2004 Author Commented:
Yes, I saw it. I will renew this certificate.

I have one more question.

I will run the command to renew the certificate; after this action, do I need to install the certificate in another place (IIS)?

Master demazter, I will search for the command to renew the certificate.

Could I leave this topic open? If I need more help, I will post here again.

Thank you very much
0
Question has a verified solution.
