Exchange 2010 renew crtificate


my Exchange 2010 certificate will expire in 25 days.
What is the best way to renew the cert? We have our own certification authority on our Domain controller.

What if I click "renew certificate" in Exchange Management Console? Will the certificate bei renewed automatically?
Or do I have to request a new certificate and import that?

Will there be any downtime?

What is the best practice?

Best regards!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
You need to request new certificate and then import it via EMC. Steps are here:

This might be better:
Will SzymkowskiSenior Solution ArchitectCommented:
Are you using your Internal CA for Exchange? If you use the ReNew Certificate button in Exchange 2013 this will renew the self-signed cert. I would assume that you would be using a 3rd party SSL cert for OWA and Outlook Anywhere externally?

If this is the case you will need to generate a new CSR from one of your Exchange servers and send it to the 3rd party provide which will then renew the cert for you.

Once you have the CER/CRT file you need to complete the certificate request.

You will also need to run the following command after you have imported the certificate on ALL of your CAS servers.

Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxx -services "imap,pop,smtp,iis" 

Open in new window

Press Y to accept

There will not be able down time during this period.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SystemadministrationAuthor Commented:
The seld signed cert is allright so I really do`nt need a third party cert.
So it would be enough to renew it.
I`ll have a look in a test lab later.
SystemadministrationAuthor Commented:
I tried a renewal in a test lab.
There was a new req created and I requested a new cert in my authority.

After that I found an open request in Exchange Management Console. After I imported the new certificate i got asked if I want to overwrite to currentt standard cert for SMTP.

What do I have to do there?

At the moment I have 2 self-signed certs called "Microsoft Exchange" which have the services "SMTP, IMAP,POP" allocated and one nit self-signed which has "SMTP,POP,IMAP,IIS" allocated.

Where do I see which one is the standard cert for SMTP.
How does a certificate change influence my running environment.
For what is the certificate used, if SMTP is allocated.
Will I have any problems if I change service-allocation.

It would be interesting to hear, how you configured the certificates.
Md. MojahidCommented:
you have to create only new cert request you cant renew here some step will help you.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.