Renewing an expired certificate in Exchange 2007

Continuing on a theme of how to fix those niggly little problems in Exchange Server, today it's the turn of this error when starting Outlook:

The cause? An SSL certificate that expired some time last year - the default Exchange self-signed certificate seems to have a default validity of a year, after which you get the warning above when starting Outlook.

The solution turns out to be very simple. In Exchange Management Console, grab a list of your certificates with the "Get-ExchangeCertificate" cmdlet:

You can then view further details by piping the output into the list formatter:

Once you've done that, you can renew the certificate. Create a new one by running the following cmdlet ({Thumbprint} is the Thumbprint listed in the details above, or can be ignored if you've only got one certificate to start with):

Get-ExchangeCertificate {Thumbprint} | New-ExchangeCertificate

The new certificate will now exist (check with Get-ExchangeCertificate) and will have a new Thumbprint. Now you just need to enable it for IIS's use:

Enable-ExchangeCertificate -Thumbprint {Thumbprint} -Services "IIS"

You should now see a "W" listed in the services column for that certificate if you run Get-ExchangeCertificate:

Finally, if you wish, you can use Remove-ExchangeCertificate to remove the old one.

Restart Outlook, and it should be happy again!
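
The steps above can also be run as one script. The following is an added example, not part of the original post: it finds self-signed certificates that have expired or are close to expiring, clones each one, checks that the clone is valid, and enables it for IIS only if the old certificate was serving IIS. The $WarnDays threshold is an assumption chosen for illustration. Run it in the same Exchange shell session as the cmdlets above.

```powershell
# Added example (not from the original post).
# $WarnDays is an assumed threshold chosen for this illustration.
$WarnDays = 30
$cutoff   = (Get-Date).AddDays($WarnDays)

# 1. Report every certificate with its expiry date, soonest first.
Get-ExchangeCertificate | Sort-Object NotAfter |
    Format-Table Thumbprint, Services, IsSelfSigned, NotAfter -AutoSize

# 2. Select self-signed certificates that are expired or about to expire.
#    Certificates issued by a CA are left alone; they need a new request instead.
$stale = @(Get-ExchangeCertificate |
    Where-Object { $_.IsSelfSigned -and $_.NotAfter -lt $cutoff })

foreach ($old in $stale) {
    # 3. Clone the old certificate into a new one, as in the post.
    $new = Get-ExchangeCertificate -Thumbprint $old.Thumbprint | New-ExchangeCertificate

    # 4. Do not touch IIS unless the clone exists and is valid past the cutoff.
    if ((-not $new) -or ($new.NotAfter -le $cutoff)) {
        Write-Warning "Renewal of $($old.Thumbprint) did not produce a usable certificate"
        continue
    }

    # 5. Enable the new certificate for IIS only if the old one was serving IIS.
    if ($old.Services.ToString() -match 'IIS') {
        Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services "IIS"
    }

    # 6. Leave removal as a manual step: print the command instead of running it,
    #    so the old certificate is still there if clients reject the new one.
    Write-Host "Old: $($old.Thumbprint)  expired/expires $($old.NotAfter)"
    Write-Host "New: $($new.Thumbprint)  expires $($new.NotAfter)"
    Write-Host "When Outlook connects cleanly, run:"
    Write-Host "  Remove-ExchangeCertificate -Thumbprint $($old.Thumbprint)"
}
```

Scheduling the report in step 1 on its own is a cheap way to catch the next expiry before Outlook starts warning users.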

© 2014   Created by Dan Taylor.