Exchange 2010 Certificate Question/Help needed

Exchange 2010 Enterprise
Name                                    AdminDisplayVersion                     ExchangeVersion
----                                    -------------------                     ---------------
SERV025                                 Version 14.3 (Build 123.4)              0.1 (8.0.535.0)

Today I started getting this event message

Log Name:      Application
Source:        MSExchange Web Services
Date:          11/20/2015 10:40:52 AM
Event ID:      26
Task Category: Core
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERV025.FQDN.com
Description:
The Exchange certificate [Subject]
  CN=mail.mymail.com

[Issuer]
  CN=mail.mymail.com

[Serial Number]
  52B2100C5D7BD7874B0D1B793BBAA9DC

[Not Before]
  1/17/2015 6:48:02 PM

[Not After]
  1/17/2016 7:08:02 PM

[Thumbprint]
  A07668BAF4EE2ECE7BD5046D4379A92C826B2AAE
 will expire on 1/17/2016 7:08:02 PM.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange Web Services" />
    <EventID Qualifiers="49152">26</EventID>
    <Level>3</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-11-20T15:40:52.000000000Z" />
    <EventRecordID>246123</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV025.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>[Subject]
  CN=mail.mymail.com

[Issuer]
  CN=mail.mymail.com

[Serial Number]
  52B2100C5D7BD7874B0D1B793BBAA9DC

[Not Before]
  1/17/2015 6:48:02 PM

[Not After]
  1/17/2016 7:08:02 PM

[Thumbprint]
  A07668BAF4EE2ECE7BD5046D4379A92C826B2AAE
</Data>
    <Data>1/17/2016 7:08:02 PM</Data>
  </EventData>
</Event>


Now I have these procedures to work on this



Use the EMC to renew an Exchange certificate

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Client Access server security settings" entry in the Client Access Permissions topic.

1. In the console tree, click Server Configuration.
 
2. Select the server that contains the certificate, and then select the certificate you want to renew.
 
3. In the action pane, click Renew Exchange Certificate.
 
4. On the Renew Exchange Certificate page, select the services you want to assign to the renewed certificate. The    services that are checked are currently assigned to the certificate.
 
5. When you click Assign, the Progress page will confirm your selections and try to renew the certificate.
 
6. Click Yes to overwrite the existing certificate with the renewed certificate.
 
7. The Completion page will display the status of the request in addition to the syntax of the cmdlet needed to    renew the certificate.


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

But when I list the certificates the certificate in questions shows a status of This is a pending certificate signing request (CSR)

So I clicked on Complete Pending request and this is where I am stuck  

It asks for a certificate  example c:\certificate\import.cer

Where do I get the certificate from?


The shell command below will that work




Use the Shell to renew an Exchange certificate

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Client Access server security settings" entry in the Client Access Permissions topic.

This example renews the Exchange certificate.

Enable-ExchangeCertificate -Server SERV025  -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'A07668BAF4EE2ECE7BD5046D4379A92C826B2AAE'


Thoughts
LVL 23
Thomas GrassiSystems AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BembiCEOCommented:
There are three possibiltes, what you may have to do....

First you should find out, if it is self signed certificate or a certificate from a certification authority.
You can open the certificate and look for the issuer.

As the issuer is mail.mymail.com it looks like a self signed cert.
The procedure for a self signed certs is here...
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html

If you have your own PKI infrastructure, means you have an internal certificate authority, then just open mmc, add the certificate snap for the local computer, select the cert which is used by exchange, right click renew...

If you have a certificate from a public certificate authority, then it depends from where you have got the cert. If you bought the cert from a service company, ask them for renewal. If you bought it directly from the issuer, you usually can go to their website and renew it there. As a renewal usually do not need any additional information, because they know them form he old cert, you just pay for the renewal and get a new certificate. In some cases, you have to renew via a request file, the procedure you have done in exchange creates such a file.

If you have got the cert from a public cert authority, you can continue the process as you described it, or you just import the certificate into the certificate store (usually double click on the cert) and use the

Enable-ExchangeCertificate -Server SERV025  -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'A07668BAF4EE2ECE7BD5046D4379A92C826B2AAE'

where you have to take the thumbprint from the new certificate.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas GrassiSystems AdministratorAuthor Commented:
Thanks

The link helped
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.