Renew Exchange Certificate


It appears that my owa exchange 2010 certificate has expired. I don't believe we had it purchased, but it is showing that it was issued by a certificate authority. Do I need to renew this through the certificate authority or can I just install our own certificate? What are the steps to install it?

Thank you.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Itzik HornsteinCommented:
You have to be renewed by the ROOT CA
exhuserAuthor Commented:
How do I renew it in Exchange after purchasing from the authority?
Itzik HornsteinCommented:
do you have root ca installed in your domain
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

exhuserAuthor Commented:
I am not exactly sure, but probably yes since we had a certificate for 2 years.
Robby SwartenbroekxMSP engineerCommented:
You can see in the current certificate who issued it. It can be an own internal CA. Then only domain joined machines will trust it, or it can be a bought certificate. Prices are really dropped in comparison to 2 years ago. If you buy one, it needs to be a SAN certificate (multi domain) or a wildcard certificate. (You need your default url ( and

In exchange 2010 there is a  very good wizard to request a certificate at your own CA.
Even if you have a Certificate Authority on your domain I would not use it.  It won't be as trusted as one of the major Internet providers.  I have a 2013 Exchange Server and I use GoDaddy.  Two years ago it cost me $150.00 and I renewed recently for $89.00.  That's pretty cheap and then you won't run the risk of Gmail or other e-mail providers not trusting you.  I can have five wildcards with my GoDaddy cert.  I generate the request from my server and go to GoDaddy's site to import it and they will generate the official UCC cert that you can import back into your server.

This looks like a pretty good explanation of how to do it:

If you have been managing to get by with your internal CA I'd be surprised that you don't have issues.  Gmail can be picky.  Good luck.
To renew the Exchange certificate that use public CA

1. Create a CSR from Exchange server
2. Submit the CSR to public CA
3. Receive the certificate form public CA
4. Import the certificate to Exchange server
5. Enable services.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.