Friday, October 14, 2011

Renewing the self-signed certificate Exchange Server 2007:

Exchange Server 2007 need to renewal a self-signed certificate for use with services like SMTP,IMAPPOPIIS and Um every one year.


1. Find out your exchange certificate thumbprint with full information and services list
Get-ExchangeCertificate -domain “yourdomain.com” | fl


2. Get a new certificate with a new expiration date and an exportable private key:
Get-ExchangeCertificate -thumbprint “your_old_thumb_print” | New-ExchangeCertificate -PrivateKeyExportable $true


3. Type Y to continue creation of certificate. It'll show new thumbprint


4.  Check services of new certificate:
Get-ExchangeCertificate -thumbprint “your_new_thumb_print” |fs


5. To add required/missing services:
Enable-ExchangeCertificate -thumbprint “your_new_thumb_print” -services IIS


6. To remove invalidates/expired certificate
Remove-ExchangeCertificate -thumbprint “your_old_thumb_print




You need to Publish them to ISA for WebMail user
1. Using MMC from your mailserver
2. Add/Remove Snap-in > Add > Certificates > Local
3. Under Personal/Certificates, Select Your New Certificate
4. Right Click > All Tasks > Export > Next
5. Select Yes to export  the private key
6. Provide password and check required option
7. It generated PFX file
8. Generated CER and/or P7B if required
9. Import to Trust
10. Under Trust/Certificate Right Click > All Tasks > Import > Next
11. Chose the CER file
12. Same Snap-in for your ISA server
13. Right Click > All Tasks > Import > Next
14. Chose the PFX file
15. Import to trust
16. Open ISA Server Management
17. ISAServer > Firewall Policy > Webmail
18. Double click Mail Listener
19. From Certificate tab, Select Certificate
20. Select your new and active certificate then Apply



No comments:

Post a Comment