• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Renewing self-signed SMTP certificate

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> General >> Renewing self-signed SMTP certificate Page: [1]
Login
Message << Older Topic   Newer Topic >>
Renewing self-signed SMTP certificate - 20.Jan.2012 12:05:36 PM   
yakattack

 

Posts: 10
Joined: 19.Jan.2012
Status: offline 		I have a self signed certificate that will be expiring soon (details below). I have seen these two good articles on how to renew/create a new self signed certificate using the New-ExchangeCertificate cmdlet. I just have some concern. The self signed certificate is only for SMTP not for IMAP, POP, IIS which uses a 3rd party cert. How do I ensure that I'm only creating a new cert for SMTP and I don't disturb the IMAP, POP, IIS using the 3rd party cert? Will it just create a new cert with the same services as the old cert? I noticed in the examples that it creates for SMTP, IMAP, POP by default (not IIS).

Lastly, do I need to resart any services and is there any risk that mail flow will stop?

Thanks

Articles:
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html
http://www.msexchangegeek.com/2009/04/24/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/

Error:
The STARTTLS certificate will expire soon: subject: Server.domain.org, hours remaining: 15405C99D383FF1F0DD2EA0213DAD6A241B. Run the New-ExchangeCertificate cmdlet to create a new certificate.

Cert info (truncated):
[PS] C:\Get-ExchangeCertificate |FL

CertificateDomains : {mail.domain.org}
Issuer : CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
NotAfter : 6/25/2014 4:59:59 PM
NotBefore : 5/2/2011 5:00:00 PM
RootCAType : ThirdParty
Services : IMAP, POP, IIS
Thumbprint : 624EB51B3D8BD0519E13044654E83D5857A

CertificateDomains : {Server, Server.domain.org}
Issuer : CN=Server
NotAfter : 1/27/2012 10:51:01 AM
NotBefore : 1/27/2011 10:51:01 AM
Services : SMTP
Thumbprint : 15405C99D3837CFF0DD2EA0213DAD6A241B
Post #: 1
RE: Renewing self-signed SMTP certificate - 22.Jan.2012 7:10:42 PM   
Zer0 G

 

Posts: 49
Joined: 12.Aug.2005
Status: offline 		Bharat's article is what I've used numerous times.

Just do a Get-exchange Certificate | FL

Then with what youve provided you just highlight the SMTP cert
Thumbprint : 15405C99D3837CFF0DD2EA0213DAD6A241B

and then type out

Get-ExchangeCertificate -thumbprint “15405C99D3837CFF0DD2EA0213DAD6A241B” | New-ExchangeCertificate

then just bounce the microsoft exchange transport service.

then you're all set!

< Message edited by Zer0 G -- 22.Jan.2012 7:13:12 PM >

(in reply to yakattack)
Post #: 2
RE: Renewing self-signed SMTP certificate - 23.Jan.2012 12:12:11 PM   
yakattack

 

Posts: 10
Joined: 19.Jan.2012
Status: offline 		Thanks, I do it.

Scott

(in reply to Zer0 G)
Post #: 3
RE: Renewing self-signed SMTP certificate - 24.Jan.2012 11:58:34 AM   
yakattack

 

Posts: 10
Joined: 19.Jan.2012
Status: offline 		Thanks, worked like a charm.

(in reply to yakattack)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> General >> Renewing self-signed SMTP certificate Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter