Solved

TLS Certificate expired messsage?

Posted on 2011-03-23
2
696 Views
Last Modified: 2012-05-11
My Exchange 2007 server are getting as message the TLS Certificate is about to expire;
http://technet.microsoft.com/en-us/library/bb218312(EXCHG.80).aspx

Will cloning the old TSL default cert be a solution?

Cloning an Existing Certificate

Exchange 2007 creates a self-signed certificate during installation that uses all the server and domain names that are known to Exchange at the time of installation. These certificates are valid for 12 months. In some cases, it may make sense to clone these certificates if the Subject and Subject Alternative Names can be used for other computers. Be aware that only the certificate metadata and not the key sets are cloned.

To run the following cmdlets on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

To clone a new certificate from an existing certificate, you must first identify the current certificate for the domain by running the following command:


Copy Code

Get-ExchangeCertificate -DomainName mail1.contoso.com
Where mail1.contoso.com is the server name or the FQDN that you want to make a cloned certificate of.

The first certificate that is listed in the output is the default SMTP TLS certificate for the server.

To clone the certificate, run the following command:


Copy Code

Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate
Where the value for Thumbprint is from the first certificate that was listed in the output for Get-ExchangeCertificate.

This command extracts the names from the existing certificate that are identified by the thumbprint and uses them in the new self-signed certificate.

 

0
Comment
Question by:355LT1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
Saoi earned 250 total points
ID: 35199113
Hi,

To renew the self-signed certificate, follow the instructions here: http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html

Sam
0
 
LVL 8

Assisted Solution

by:praveenkumare_sp
praveenkumare_sp earned 250 total points
ID: 35203189
do u want  a command to create a new certificate ?
New-ExchangeCertificate -SubjectName "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true

modify the above command to suit ur need

let me know if u have any quries
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Utilizing an array to gracefully append to a list of EmailAddresses
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question