hgj1357

Exchange Server 2010 on a Win 2012 server. Renew Certificate

I am getting this message:
mail.XXXXXX.com uses an invalid security certificate. The certificate expired on 10/3/2015 10:52 AM. The current time is 10/5/2015 11:18 AM. (Error code: sec_error_expired_certificate)

How do I renew this certificate?
Will Szymkowski

I have created a HowTo on my site to accomplish this.

You need to Generate a new CSR from one of your CAS servers. You will then need to import it into every Exchange server. From there you Enable the certificate with the specific services required.

Detailed steps below...
http://www.wsit.ca/how-tos/exchange-server-2/configure-split-dns-and-exchange-2013-virtual-directories/

And
http://www.wsit.ca/how-tos/exchange-server-2/exchange-2013-certificate-generation-csr-import-enable-exchange-certificate/

The HowTo illustrates how to accomplish this with Exchange 2013 but the process is similar to Exchange 2010 minus the cert renewal. You can do this through IIS.

Will.
hgj1357

ASKER

I don't have CAS servers. I have a DC and an exchange server. Which one do I start with?

If you have Exchange, then you have a CAS server :)
To explain further. CAS stands for Client Access Server. It is a role that is part of Exchange. If you have a single Exchange server then by default it has the Client Access, Hub Transport and Mailbox Server roles on it.
hgj1357

ASKER

My new certificate has a status: This is a pending certificate signing request (CSR)

How do I complete this job? I'm a dunce with this - so use short words!

Did you purchase the new certificate from the CA? If so, you will have a certificate file. Copy it to your exchange server (anywhere on it is fine. My documents works). Then right click on the one that says it is a pending CSR and select Complete Pending request. Follow the wizard.
hgj1357

ASKER

Can I buy a certificate from Godaddy?

Yes, you can but there is one additional step to using a GoDaddy Certificate. You will get a .zip file from GoDaddy. It will contain the certificate (.crt) and a .p7b file. The .p7b file is the intermediate Certificates. You have to import them into the intermediate Certificate Authority store on your exchange server(s) using the Certificates Snap-In. But, it should work fine. We use them.
hgj1357

ASKER

OK. Godaddy tell me that the SERVER.local will no longer be supported on the certificate.

How do I confirm my server is not configured as .local and is configured as fully qualified .com?
No Public CA will support .local anymore. You just need to set the internal and external names for OWA and ECP to the external name (can be done in the EMC) and then setup split brain dns. Add a DNS zone to your internal server for your external domain name. Add the owa record to it with the internal address. You should also add an srv record to your internal domain for autodiscover pointing to the owa record in your split brain zone. This way, autodiscover will not warn for the wrong name.
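
For the question above (how to confirm nothing is still configured as .local), a read-only check for the Exchange Management Shell, added here as an example and not taken from any poster's answer. It assumes the standard Exchange 2010 cmdlets; the helper name `Test-NameCovered` is hypothetical.

```powershell
# Added example. Run in the Exchange Management Shell; every command here only reads settings.

# 1. Certificates: a CSR that has not been completed shows Status = PendingRequest.
Get-ExchangeCertificate | Sort-Object NotAfter |
    Format-Table Thumbprint, Status, Services, NotAfter, Subject -AutoSize

# 2. Names on the newest certificate that is enabled for IIS (OWA, ECP, Autodiscover).
$iisCert = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$certNames = @($iisCert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Hypothetical helper: exact match, or a wildcard name covering exactly one label.
function Test-NameCovered([string]$HostName) {
    $h = $HostName.ToLower()
    foreach ($n in $certNames) {
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.') -and $h.Contains('.') -and
            $h.Substring($h.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# 3. Every URL that clients are handed by this Exchange organisation.
$vdirs = @(Get-OwaVirtualDirectory) + @(Get-EcpVirtualDirectory) +
         @(Get-WebServicesVirtualDirectory) + @(Get-OabVirtualDirectory) +
         @(Get-ActiveSyncVirtualDirectory)
$urls = @()
foreach ($v in $vdirs) {
    foreach ($p in 'InternalUrl', 'ExternalUrl') {
        if ($v.$p) { $urls += New-Object PSObject -Property @{
            Source = "$($v.Identity)"; Setting = $p; Url = "$($v.$p)" } }
    }
}
foreach ($cas in Get-ClientAccessServer) {
    if ($cas.AutoDiscoverServiceInternalUri) { $urls += New-Object PSObject -Property @{
        Source = $cas.Name; Setting = 'AutoDiscoverServiceInternalUri'
        Url = "$($cas.AutoDiscoverServiceInternalUri)" } }
}

# 4. Rows with Covered = False (for example a .local host) will cause name warnings.
$urls | ForEach-Object {
    $hostName = ([uri]$_.Url).Host
    New-Object PSObject -Property @{ Covered = (Test-NameCovered $hostName)
        Host = $hostName; Setting = $_.Setting; Source = $_.Source }
} | Sort-Object Covered | Format-Table Covered, Host, Setting, Source -AutoSize
```

Any host listed with Covered = False is a name the new public certificate will not match, so its URL needs changing to the external name before the certificate is enabled.
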
hgj1357

ASKER

Being a bit of a dunce, I'll need these steps explained a bit more simplistically.
hgj1357

ASKER

I'd get the guys in who set this up, but they can't do it until December. I understand basic DCs, DNS etc, but exchange is a bit of a mystery to me.

ASKER CERTIFIED SOLUTION
Jeff Glover