Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 87
  • Last Modified:

Certificate in Exchange 2010

We have setup two exchange EX01 & EX02 running in DAG, using the named exdag. There are two certificates on our Exchange

exdag.abc.com.hk  (issued by exdag)
mail.abc.com.hk  (Issued by VeriSign)


The exdag is going to be expired. Any idea how to regenerate it ? Is it created by default when creating the DAG group in exchange ?

Tks
0
AXISHK
Asked:
AXISHK
  • 2
  • 2
  • 2
  • +1
3 Solutions
 
MASTechnical Department HeadCommented:
Here is the article from Technet to renew
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

You can use this for easy CSR command generation
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
0
 
AXISHKAuthor Commented:
Tks. The link show how to generate the CSR. However, I have review the server and it is issued by EXDAG. It mean that it is generated through some way...

Tks
0
 
SreRajCommented:
Hi,

If this is a self-signed certificate, you could re-issue it by using the PowerShell cmdlet New-ExchangeCertificate

Complete command would be

Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

Here, thumbprint is that of the certificate which is going to expire. This will only work for self-signed certificate.

When you list details of the certificates with the following command, there is an attribute 'IsSelfSigned', if this is set as True, then the certificate is self-signed.

 Get- ExchangeCertificate | FL
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
MASTechnical Department HeadCommented:
Here is the command as in the article I posted
Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

Open in new window


This command will show you the thumbprint of the self signed certificate
Get-ExchangeCertificate | fl Thumbprint,IsSelfSigned

Open in new window

0
 
AXISHKAuthor Commented:
Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

Does this keep everything the same, but extending the expiry period ? Do I need to rebind it afterwards ?

Tks
0
 
SreRajCommented:
Yes, New-ExchangeCertificate overwrites existing certificate. So everything remains same, no further configuration required.
0
 
Satya PathakLead Technical ConsultantCommented:
try  below KB this will help you to understand how to renew the certificate on Exchange 2010 .

http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now