Friday, October 14, 2011

Renewing the self-signed certificate in Exchange Server 2007:

Exchange Server 2007 uses a self-signed certificate for services such as SMTP, IMAP, POP, IIS and UM, and it needs to be renewed every year.


1. Find your Exchange certificate's thumbprint, with full information and the list of services:
Get-ExchangeCertificate -DomainName "yourdomain.com" | fl


2. Get a new certificate with a new expiration date and an exportable private key:
Get-ExchangeCertificate -Thumbprint "your_old_thumb_print" | New-ExchangeCertificate -PrivateKeyExportable $true


3. Type Y to continue creating the certificate. The new thumbprint is then displayed.


4. Check the services of the new certificate:
Get-ExchangeCertificate -Thumbprint "your_new_thumb_print" | fl


5. To add required/missing services:
Enable-ExchangeCertificate -Thumbprint "your_new_thumb_print" -Services IIS


6. To remove the invalid/expired certificate:
Remove-ExchangeCertificate -Thumbprint "your_old_thumb_print"
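
Steps 1 to 6 as one Exchange Management Shell script, added here as an example and not part of the original post. It removes the old certificate only after confirming that the new one carries every service the old one had and expires later. The thumbprint value is a placeholder and the helper Get-ServiceNames is a hypothetical name.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2007 server.
# Placeholder: paste the thumbprint found in step 1.
$OldThumbprint = "your_old_thumb_print"

# Hypothetical helper: turn the Services flags value (e.g. "IMAP, POP, IIS, SMTP")
# into a list of individual service names.
function Get-ServiceNames($cert) {
    $cert.Services.ToString().Split(",") |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne "None" }
}

# Step 1: load the old certificate and make sure it is the self-signed one.
$old = Get-ExchangeCertificate -Thumbprint $OldThumbprint
if (-not $old) { throw "No certificate found with thumbprint $OldThumbprint" }
if (-not $old.IsSelfSigned) { throw "Certificate is not self-signed; renew it through its CA" }
$oldSvc = @(Get-ServiceNames $old)

# Steps 2-3: clone it with a new expiration date (answer Y at the prompt).
$new = $old | New-ExchangeCertificate -PrivateKeyExportable $true
Write-Host "New thumbprint: $($new.Thumbprint)"

# Step 4: re-read the new certificate and list services it is missing.
$new = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
$newSvc = @(Get-ServiceNames $new)
$missing = @($oldSvc | Where-Object { $newSvc -notcontains $_ })

# Step 5: enable only the services the old certificate had and the new one lacks.
if ($missing.Count -gt 0) {
    $list = [string]::Join(",", $missing)
    Write-Host "Enabling missing services: $list"
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $list
}

# Verify before deleting anything: same services, later expiry.
$new = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
$newSvc = @(Get-ServiceNames $new)
$stillMissing = @($oldSvc | Where-Object { $newSvc -notcontains $_ })
if ($stillMissing.Count -gt 0) {
    throw "New certificate still lacks: $([string]::Join(',', $stillMissing)). Old certificate kept."
}
if ($new.NotAfter -le $old.NotAfter) {
    throw "New certificate does not expire later than the old one. Old certificate kept."
}

# Step 6: remove the old certificate (confirm at the prompt).
Remove-ExchangeCertificate -Thumbprint $old.Thumbprint
$new | Format-List Thumbprint, Services, NotAfter, CertificateDomains
```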




You need to publish the certificates to ISA for webmail users:
1. Open MMC on your mail server
2. Add/Remove Snap-in > Add > Certificates > Local
3. Under Personal/Certificates, select your new certificate
4. Right-click > All Tasks > Export > Next
5. Select Yes to export the private key
6. Provide a password and check the required option
7. This generates a PFX file
8. Generate a CER and/or P7B file if required
9. Import to Trust
10. Under Trust/Certificate, right-click > All Tasks > Import > Next
11. Choose the CER file
12. Open the same snap-in on your ISA server
13. Right-click > All Tasks > Import > Next
14. Choose the PFX file
15. Import to Trust
16. Open ISA Server Management
17. ISAServer > Firewall Policy > Webmail
18. Double-click Mail Listener
19. On the Certificate tab, choose Select Certificate
20. Select your new, active certificate, then click Apply