Solved

Certificate in Exchange 2010

Posted on 2014-12-17
7
83 Views
Last Modified: 2014-12-21
We have setup two exchange EX01 & EX02 running in DAG, using the named exdag. There are two certificates on our Exchange

exdag.abc.com.hk  (issued by exdag)
mail.abc.com.hk  (Issued by VeriSign)


The exdag is going to be expired. Any idea how to regenerate it ? Is it created by default when creating the DAG group in exchange ?

Tks
0
Comment
Question by:AXISHK
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 25

Expert Comment

by:-MAS
ID: 40506420
Here is the article from Technet to renew
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

You can use this for easy CSR command generation
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
0
 

Author Comment

by:AXISHK
ID: 40506429
Tks. The link show how to generate the CSR. However, I have review the server and it is issued by EXDAG. It mean that it is generated through some way...

Tks
0
 
LVL 12

Assisted Solution

by:SreRaj
SreRaj earned 100 total points
ID: 40506431
Hi,

If this is a self-signed certificate, you could re-issue it by using the PowerShell cmdlet New-ExchangeCertificate

Complete command would be

Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

Here, thumbprint is that of the certificate which is going to expire. This will only work for self-signed certificate.

When you list details of the certificates with the following command, there is an attribute 'IsSelfSigned', if this is set as True, then the certificate is self-signed.

 Get- ExchangeCertificate | FL
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 25

Assisted Solution

by:-MAS
-MAS earned 100 total points
ID: 40506458
Here is the command as in the article I posted
Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

Open in new window


This command will show you the thumbprint of the self signed certificate
Get-ExchangeCertificate | fl Thumbprint,IsSelfSigned

Open in new window

0
 

Author Comment

by:AXISHK
ID: 40506461
Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

Does this keep everything the same, but extending the expiry period ? Do I need to rebind it afterwards ?

Tks
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 40506467
Yes, New-ExchangeCertificate overwrites existing certificate. So everything remains same, no further configuration required.
0
 
LVL 20

Accepted Solution

by:
Satya Pathak earned 300 total points
ID: 40506539
try  below KB this will help you to understand how to renew the certificate on Exchange 2010 .

http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question