Exchange 2010 Certificate Expired

My exchange 2010 certificate expired.  All of my clients show an error that the certificate expired.  I tired to create a new certificate in exchange but I am not having any luck.  I want to use the Microsoft Certificate Authority on the server to generate the certificate.  Can some please help me with this?  I can't get it to work  I am not that familiar with certificates in Exchange so I am a little confused.  I am running Exchange on Microsoft SBS 2011.
tammieRAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MASEE Solution Guide - Technical Dept HeadCommented:
If you are renewing self signed certificate please run the below command
Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate | Enable-ExchangeCertificate -services pop,imap,smtp,iis

Open in new window

Please find below a similar thread
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28203703.html
0
tammieRAuthor Commented:
I have deleted the old certificate from the Exchange Server.  The Outlook client is showing a cert that doesn't show up one the certificates in Exchange.  I am confused on where it is coming from.  Do you know how I can get the Outlook client to stop looking at an old certificate?
0
MASEE Solution Guide - Technical Dept HeadCommented:
You can see the details of the certificate by the below command.
Get-ExchangeCertificate | fl IsSelfSigned,CertificateDomains,Thumbprint,NotAfter,Services,Issuer

Open in new window


Delete the expired certificate by the below command.
Remove-ExchangeCertificate -Thumbprint 2C76394C88873A026740B35F2326DEACDF950377

Open in new window


FYI you need autodiscover.emaildomain.com and common name (mail.emaildomain.com) in your certificate.
Please follow  this
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

cpmcomputersManaging DirectorCommented:
If using the internal self signed certificate

First Run the fix my network in the sbs console
It should create a new certificate

Then you need to use "the add trusted certificate " wizard
Select use existing certificate on this server option
You should get a list of certificates with their expiry dates

Select the newly generated one
And you should be good

Assuming your autodiscover records where previously ok you should be good to go
0
cpmcomputersManaging DirectorCommented:
Both wizards are in the network section of the sbs console btw
You do not need to use Microsoft certificate management on sbs

You will need to do this next time the certificate expires
(Although there is a cost involved many professionals would suggest installing a third party certificate )
0
tammieRAuthor Commented:
I was able to create a Certificate Request from the Exchange Management Console and ran it through the Microsoft Certificate Authority web page to create the certificate.  I then applied it to the pending request in the management console.  That made the request disappear.  I then went to a client to see what would happen and the expired message still popped up.  I found out how to delete the certificate from the client through the certmgr.msc and now I don't receive a message.  Can anyone tell me if my problem is fixed or did I do something bad with the steps that I described.
0
cpmcomputersManaging DirectorCommented:
As stated above in sbs this is all handled by the wizards in the small business console

For peace of mind

You can still  Run the "fix my network" option  in the sbs console
 It will identify and fix any outstanding certificate errors and create one if needed

 If it does so Then you need to use "the add trusted certificate " wizard
 Select use existing certificate on this server option
 You should get a list of certificates with their expiry dates

 Select the newly generated one
 And you should be good

 If it finds nothing you should not have a problem
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.