Email SSL

We are in a hybrid environment with Office 365. Recently we had an issue with migrating a mailbox to Office 365. When I logged on to our on-prem Exchange 2010 server, the management console showed some expired certs. I have two servers set up under server config. See attached screenshots. I used the management console to generate a new cert req for the off365 server. I used the console to complete the cert install, but where do I install the intermediate cert? I see a couple of certs are self-signed. How do I renew those? Email is working, as are migrations, but I can't ping the off365 server from the outside.
Asked by: InSearchOf

Todd Nelson, Systems Engineer, Commented:
I see a couple of certs are self signed, How do I renew those.

You can renew them from the Exchange Management Console (easiest method) or the Exchange Management Shell.

From the Exchange Management Console, highlight the expired self-signed certificates and select "Renew Exchange Certificate" from the Action pane on the right or by right-clicking, and then confirm replacement.

From the Exchange Management Shell, run the following command to get info on each self-signed certificate.  You will need to renew the self-signed certs that are expired (based on "Status").

Get-ExchangeCertificate | where {$_.IsSelfSigned -eq "True"} | ft -auto Thumbprint, Services, Subject, Status


Then, run the following command using the associated thumbprint for each expired self-signed certificate and confirm replacement.

Get-ExchangeCertificate -Thumbprint "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | New-ExchangeCertificate


Once the self-signed certificates are renewed, you should remove the expired ones if they still exist.

Reference ... https://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx#Anchor_3


For publicly issued certificates, check the certificate for proper installation here ... https://www.digicert.com/help/

Hasin Ahmed Choudhary, Exchange Administrator, Commented:
If the certificate shows okay, the intermediate cert will be present. Verify it from the Certificates console in MMC.

If not present, simply import it from there.

Ref link: https://support.globalsign.com/customer/portal/articles/1229917-install-intermediate-certificate-mmc-windows-xp-

InSearchOf (Author) Commented:
Thanks for the info. What about the other expired self signed certs in the screenshots?

Hasin Ahmed Choudhary, Exchange Administrator, Commented:
Once you have moved all the services to a valid certificate, you can actually delete them.

Better to delete from the EMC, rather than the Certificate.msc console.
Question has a verified solution.
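
The checks discussed in this thread, gathered into one read-only script as an added example (not code from any participant or from Microsoft): it lists the certificates in the local machine store, flags expired self-signed ones, and checks whether the issuer of each CA-issued certificate is present in the Intermediate or Trusted Root store. Matching the issuer by name only is a simplifying assumption of this example.

```powershell
# Added example: read-only audit of the local machine certificate stores.
# Run in PowerShell on the Exchange server; it changes nothing.
$now = Get-Date

# Candidate issuers: Intermediate Certification Authorities and Trusted Roots.
$issuers = @(Get-ChildItem Cert:\LocalMachine\CA) + @(Get-ChildItem Cert:\LocalMachine\Root)

function Test-IssuerPresent {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Assumption: an issuer "matches" when its subject equals the certificate's
    # issuer name and it is inside its own validity period. This is a name
    # match only; it does not verify the signature or key identifiers.
    $found = @($issuers | Where-Object {
        $_.Subject -eq $Cert.Issuer -and $_.NotBefore -le $now -and $_.NotAfter -gt $now
    })
    return ($found.Count -gt 0)
}

$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $selfSigned = ($cert.Subject -eq $cert.Issuer)
    $expired    = ($cert.NotAfter -lt $now)

    if ($expired -and $selfSigned)     { $status = 'Expired self-signed: renew, then remove old copy' }
    elseif ($expired)                  { $status = 'Expired, issued by a CA' }
    elseif ($selfSigned)               { $status = 'Valid self-signed (no intermediate involved)' }
    elseif (Test-IssuerPresent $cert)  { $status = 'Valid, issuer found in local store' }
    else                               { $status = 'Valid, issuer missing: import the intermediate' }

    # New-Object PSObject keeps this compatible with PowerShell 2.0.
    New-Object PSObject -Property @{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        SelfSigned = $selfSigned
        Status     = $status
    }
}

$report | Sort-Object NotAfter |
    Format-Table Thumbprint, NotAfter, SelfSigned, Status, Subject -AutoSize
```

The thumbprints it prints are the values to pass to `Get-ExchangeCertificate -Thumbprint` in the renewal command above.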
