Solved

Certificate in Exchange 2010

Posted on 2014-12-17
7
85 Views
Last Modified: 2014-12-21
We have setup two exchange EX01 & EX02 running in DAG, using the named exdag. There are two certificates on our Exchange

exdag.abc.com.hk  (issued by exdag)
mail.abc.com.hk  (Issued by VeriSign)


The exdag is going to be expired. Any idea how to regenerate it ? Is it created by default when creating the DAG group in exchange ?

Tks
0
Comment
Question by:AXISHK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 27

Expert Comment

by:☠MAS☠
ID: 40506420
Here is the article from Technet to renew
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

You can use this for easy CSR command generation
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
0
 

Author Comment

by:AXISHK
ID: 40506429
Tks. The link show how to generate the CSR. However, I have review the server and it is issued by EXDAG. It mean that it is generated through some way...

Tks
0
 
LVL 12

Assisted Solution

by:SreRaj
SreRaj earned 100 total points
ID: 40506431
Hi,

If this is a self-signed certificate, you could re-issue it by using the PowerShell cmdlet New-ExchangeCertificate

Complete command would be

Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

Here, thumbprint is that of the certificate which is going to expire. This will only work for self-signed certificate.

When you list details of the certificates with the following command, there is an attribute 'IsSelfSigned', if this is set as True, then the certificate is self-signed.

 Get- ExchangeCertificate | FL
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 27

Assisted Solution

by:☠MAS☠
☠MAS☠ earned 100 total points
ID: 40506458
Here is the command as in the article I posted
Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

Open in new window


This command will show you the thumbprint of the self signed certificate
Get-ExchangeCertificate | fl Thumbprint,IsSelfSigned

Open in new window

0
 

Author Comment

by:AXISHK
ID: 40506461
Get- ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate

Does this keep everything the same, but extending the expiry period ? Do I need to rebind it afterwards ?

Tks
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 40506467
Yes, New-ExchangeCertificate overwrites existing certificate. So everything remains same, no further configuration required.
0
 
LVL 20

Accepted Solution

by:
Satya Pathak earned 300 total points
ID: 40506539
try  below KB this will help you to understand how to renew the certificate on Exchange 2010 .

http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question