Exchange Server Share

… Information sharing on Exchange Server …

Exchange 2007 SP2: Self-Signed Certificate Validity Changed

When we install Exchange 2007, by default it install a self-signed certificate with one year validity. This causes a problem for the Admins when a year completes, specially when they are not much familiar with Powershell Cmdlets because self-signed certificate can be renewed with EMS cmdlets only.

However it is pretty simple to renew self-signed certificate and requires going through below 4 steps only.

  • Get the list of Exchange Certificates with below cmdlet and note the ThumbPrint of the certificate which is about to expire or already expired but still some services are attached with it.

Get-ExchangeCertificate | FL ThumbPrint, isSelfSigned, NotBefore, NotAfter, Services

  • Create a new certificate for the expiring certificate.

Get-ExchangeCertificate “ThumbPrintOfExpiringCertificate” | New-ExchangeCertificate

  • When you create new certificate, by default it is enabled for POP, IMAP and SMTP services based on old certificate properties but if old certificate is enabled for IIS services too, then you need to enable IIS service for new certificate manually with below cmdlet.

Enable-ExchangeCertificate -ThumbPrint “ThumbPrintOfNewCertificate” -Services IIS

  • Remove old certificate since it is no more required.

Remove-ExchangeCertificate –ThumbPrint “ThumbPrintOfExpiringCertificate”

So what’s new with Exchange 2007 Service Pack 2?

Fresh installation of Exchange 2007 Service Pack 2 issues a self-signed certificate with 5 Years of validity. Yes, so you don’t have to renew self-signed certificate every year. This is a big relief for small organizations when they don’t use a certificate issued by anyone of the trusted 3rd party CAs.

Note: Self-Signed certificate validity doesn’t change in case of upgradation of existing Exchange 2007 or Exchange 2007 Service Pack 1 Server to Exchange 2007 Service Pack 2.

Since this change is already implemented in Exchange 2007 Service Pack 2, hopefully we can expect the similar behavior in Exchange 2010 by the time it RTMs !?!?! 🙂

Written by Amit Tank

October 1, 2009 at 12:16 am

One Response

Subscribe to comments with RSS.

  1. When I encounter problems at the bench, I use my computer to learn from other watchmakers. ,


    October 22, 2009 at 4:27 pm

Comments are closed.

%d bloggers like this: