Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

TLS Certificate expired messsage?

Posted on 2011-03-23
2
Medium Priority
?
701 Views
Last Modified: 2012-05-11
My Exchange 2007 server are getting as message the TLS Certificate is about to expire;
http://technet.microsoft.com/en-us/library/bb218312(EXCHG.80).aspx

Will cloning the old TSL default cert be a solution?

Cloning an Existing Certificate

Exchange 2007 creates a self-signed certificate during installation that uses all the server and domain names that are known to Exchange at the time of installation. These certificates are valid for 12 months. In some cases, it may make sense to clone these certificates if the Subject and Subject Alternative Names can be used for other computers. Be aware that only the certificate metadata and not the key sets are cloned.

To run the following cmdlets on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

To clone a new certificate from an existing certificate, you must first identify the current certificate for the domain by running the following command:


Copy Code

Get-ExchangeCertificate -DomainName mail1.contoso.com
Where mail1.contoso.com is the server name or the FQDN that you want to make a cloned certificate of.

The first certificate that is listed in the output is the default SMTP TLS certificate for the server.

To clone the certificate, run the following command:


Copy Code

Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate
Where the value for Thumbprint is from the first certificate that was listed in the output for Get-ExchangeCertificate.

This command extracts the names from the existing certificate that are identified by the thumbprint and uses them in the new self-signed certificate.

 

0
Comment
Question by:355LT1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
Saoi earned 1000 total points
ID: 35199113
Hi,

To renew the self-signed certificate, follow the instructions here: http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html

Sam
0
 
LVL 8

Assisted Solution

by:praveenkumare_sp
praveenkumare_sp earned 1000 total points
ID: 35203189
do u want  a command to create a new certificate ?
New-ExchangeCertificate -SubjectName "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true

modify the above command to suit ur need

let me know if u have any quries
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

662 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question