Solved

TLS Certificate expired messsage?

Posted on 2011-03-23
2
698 Views
Last Modified: 2012-05-11
My Exchange 2007 server are getting as message the TLS Certificate is about to expire;
http://technet.microsoft.com/en-us/library/bb218312(EXCHG.80).aspx

Will cloning the old TSL default cert be a solution?

Cloning an Existing Certificate

Exchange 2007 creates a self-signed certificate during installation that uses all the server and domain names that are known to Exchange at the time of installation. These certificates are valid for 12 months. In some cases, it may make sense to clone these certificates if the Subject and Subject Alternative Names can be used for other computers. Be aware that only the certificate metadata and not the key sets are cloned.

To run the following cmdlets on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

To clone a new certificate from an existing certificate, you must first identify the current certificate for the domain by running the following command:


Copy Code

Get-ExchangeCertificate -DomainName mail1.contoso.com
Where mail1.contoso.com is the server name or the FQDN that you want to make a cloned certificate of.

The first certificate that is listed in the output is the default SMTP TLS certificate for the server.

To clone the certificate, run the following command:


Copy Code

Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate
Where the value for Thumbprint is from the first certificate that was listed in the output for Get-ExchangeCertificate.

This command extracts the names from the existing certificate that are identified by the thumbprint and uses them in the new self-signed certificate.

 

0
Comment
Question by:355LT1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
Saoi earned 250 total points
ID: 35199113
Hi,

To renew the self-signed certificate, follow the instructions here: http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html

Sam
0
 
LVL 8

Assisted Solution

by:praveenkumare_sp
praveenkumare_sp earned 250 total points
ID: 35203189
do u want  a command to create a new certificate ?
New-ExchangeCertificate -SubjectName "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true

modify the above command to suit ur need

let me know if u have any quries
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question