Exchange Server 2007 Renewing the self-signed certificate

Reading Time: < 1 minute

By default, the exchaneg certificate expires after one year. You will find that users are prompted with a certificate error when launching Outlook 2007 or Outlook 2010. To renew the certificate follow the instructions below:

1) Launch Exchange 207 management shell

2) Type View certificates installed on Exchange 2007 server
Get-ExchangeCertificate | fl

3) Locate the expired certificate.

4) Take a note of the thumbprint ID

5) Type Get-ExchangeCertificate -thumbprint “enter thumbprint id here” | New-ExchangeCertificate

Note: To create a new certificate with an exportable private key, use the PrivateKeyExportable parameter. For example:
New-ExchangeCertificate -PrivateKeyExportable $true

6) The new certificate is generated. Examine the new certificate details by typing Get-ExchangeCertificate -thumbprint “thumb print id here” | fl

7) You may find that the old certificate was enabled for IIS, the new one is not. To enable for IIS type Enable-ExchangeCertificate -thumbprint “thumprint id here” -services IIS

8.) Once done, test

9) When sure remove the expired certificate by typing Remove-ExchangeCertificate -thumbprint “thumprint id here”