How To Remove An Expired Exchange 2007 Certificate and Create A New Certificate

IT Problem

You receive the message from your outlook clients the the certificate is no longer valid. This is down to your self signed certificates expiring.

We need to remove the expired certificate from exchange 2007 and then create a new certificate and allocate the correct services to the new certificate.

IT Solution

Ok so lets first Identify the expired certificate. We do this by running the following command.

Get-ExchangeCertificate |FL

This will show a screen similar to the below, serach for the date that is expired I have high lighted it below. Also copy and paste the “Thumbprint” to notepad , as we will need that.

As you can see, this cert has expired so we need to remove it. To do so run the command below. Replacing the thumbprint with YOUR thumbprint.

remove-ExchangeCertificate – Thumbprint “2342342342334234″

Once done we now need to create a new certificate. Do this with the command below.

New-ExchangeCertificate

This will create a new certificate for you, we now need this thumbprint so we can allocate a service to it. so enter again..

Get-ExchangeCertificate

Again make a note of your new thumbprint.

Now we are going to allocate the service to the new certificate. To do this we run the command below each time for each service. So run it for “SmtpSMTP or Simple Mail Transfer ProtocolSMTP or Simple Mail Transfer Protocol is a protocol used to send Email over the internet.SMTP runs on port 25 and it its most basic form uses three command/reply sequences.MAIL, RCPT and Data.So an email client sends an email to another client by connecting to the SMTP server of a company which then sends the email to another companies SMTP server which inturn sends the email to the local client. is a protocol used to send Email over the internet.SMTP runs on port 25 and it its most basic form uses three command/reply sequences.MAIL, RCPT and Data.So an email client sends an email to another client by connecting to the SMTP server of a company which then sends the email to another companies SMTP server which inturn sends the email to the local client.”,”IIS”,”IMAP” and “POP” if you require it. Remeber to rpalce the thumbprint with the one you copied to notepad earlier.

Enable-ExchangeCertficate -Thumbprint “234234234234234234″ -Service “<span class="domtooltips">SMTP<span class="domtooltips_tooltip" style="display: none">SMTP or Simple Mail Transfer Protocol is a protocol used to send Email over the internet.SMTP runs on port 25 and it its most basic form uses three command/reply sequences.MAIL, RCPT and Data.So an email client sends an email to another client by connecting to the SMTP server of a company which then sends the email to another companies SMTP server which inturn sends the email to the local client.</span></span>”

You wil get asked if you would like all services to go on this certificate select “A” and it will allocate the services. If you want to allocate the services manually then run the above command again for each service, IIS,POP,SMPTP or IMAP.

1. Create or Remove A Static Route In A Windows OS
2. Create A Routing Group Connector Between Exchange 2003 and Exchange 2010
3. Out Of Office Doesn’t Work After Installing Exchange 2007 Or 2010
4. Setup Exchange 2007/2010 Whitelists.
5. Remove a Windows Service via registry