I could be wrong on what this says as I can’t remember and did not take screenshots.Ī wizard should open up, in this wizard simply point it to the new certificate (the file we just saved at the end of step 4, shown above). Highlight this request, and on the Action Pane, select “Complete request”. Inside of the certificate list, you should see an item that has a status that says something about a pending request. Go back to the Exchange console where we left off. We now have a certificate that’s ready to be installed. Now select Submit! On the next page that loads, simply select “Download certificate” and save it to a location you’ll remember. Inside of the “Saved Request:” text box, paste your request from your clipboard (which we copied to your clipboard above), then for “Certificate Template:” choose “Web Server”. Once you find it, highlight it and select “Renew Exchange Certificate…” on the action pain to the right.Īnd now, choose “Submit a certificate request by using a base-64 encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.”, again example below:įinally, we are going to populate the request.
To get the details on the certificates, simply double click and it will load the info, if you’re unsure of which certificate it is, use the thumbprint provided in the Event viewer, and compare it to the Thumbprint on the “Details” tab of the certificate.
Look for your certificate that is about to expire. It should load up your Exchange Certificates on the lower half of your screen. Load up the Exchange Console, and select the “Server Configuration” on the left. You take your own risk if you perform the instruction in this blog post. In my environment, I have 1 server that acts as a Domain Controller and a Certificate authority, and a second server that is running Microsoft Exchange 2010. Depending on you’re environment, this may or may not be the best way or the right way to do this. ZOMGZOMGZOMGZOMGZOMGZOMGZOMGZOMG, hours remaining: 664 Event Log Name: Application Event Log Type: errorĪnyways, first off, DO NOT use this tutorial if your running “Microsoft Small Business Server”, there is a better, easier, and more automated way to perform this on SBS (I won’t be covering that in this blog post, I will however make another one to explain the procedure). Run the New-ExchangeCertificate cmdlet to create a new certificate.Ĭomputer: Event Description: An internal transport certificate will expire soon. When it comes time to renew your certificate, you’ll be seeing these in your Event Viewer:Ĭomputer: Event Description: The STARTTLS certificate will expire soon: subject:, thumbprint: ZOMGZOMGZOMGZOMGZOMGZOMGZOMGZOMG, hours remaining: 664. Also, all the tutorials on the net use the Shell, I rather use the GUI… Ton’s of articles on the internet, however tons don’t cover what you do if you have your own certificate authority and DON’T want to use a self-signed certificate. Wow, what a horrible weekend it has been dealing with all these certificate expirations (both clients, and my own).