Home > Exchange 2007 > Renew Certificates in Exchange 2007 HUB-CAS

Renew Certificates in Exchange 2007 HUB-CAS

You may encounter an alerts from your monitoring systems about your certficate is going to expired in couple of days. In this state you must renew your certificate before its cross timeline. Renewing certificate is very straight forward process and same as you assign it first time.

Here, I am considering local PKI to renew certificates.

1. Alarm

If you check event viewer in server where certificates is going to expired, you will see below log.

Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date:  3/24/2011
Time:  12:04:07 PM
User:  N/A
Computer: ABCFE01

The STARTTLS certificate will expire soon: subject: abcfe01.abc.com, hours remaining: E87B5D0BD9E5108BCAA8DBE1B3437E93B781BF4C. Run the New-ExchangeCertificate cmdlet to create a new certificate.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

2. Generate new Certificate

To generate new certificate in Exchange 2007 server, First you need to collect SAN URL name from existing certificates, To do so you can go into OWA and see details or you can use MMC console and click on existing certificates.

DNS Name=abcfe01
DNS Name=abcfe01.abc.com
DNS Name=autodiscover.abc.com
DNS Name=mail.abc.com

Now, Login to FE server and  open EMS to run below cmdlet to generate request.

New-ExchangeCertificate -generaterequest -subjectname “E=admin@abc.com,CN=abcfe01,OU=exchange,O=ABC,L=DH,S=India” -domainname abcfe01,abcfe01.abc.com,aut
odiscover.abc.com -PrivateKeyExportable $true -path c:\certrequest.txt

3. Generate certificate in PKI CA console.

Now, you need to login your internal PKI CA console and generate certificate using request file “certrequest.txt”. Generate certificate and save it.

Note: There should not be left spaces when paste content into console.

4. Importing Certificate

Login to Exchange 2007 server abcfe01 and open EMS. Run below cmdlet to import it and enable required services.

Import-ExchangeCertificate -path c:\certnew.cer

Enable-ExchangeCertificate -Services IIS,SMTP,IMAP,POP -Thumbprint “Keep Without quote”

By default IMAP,POP services would be enables, If you need, you can enable it again.

It will ask you override exisiting certificate , here you will select “Yes”

Once it is imported and assigned for certificates you can verify it theu OWA (for IIS) and test mail flow for SMTP. Also you can see eventviewer to verify it.


Event Type: Information
Event Source: MSExchangeTransport
Event Category: Configuration
Event ID: 16002
Date:  3/30/2011
Time:  10:30:07 AM
User:  N/A
Computer: abcfe01
The new transport server configuration has been read and components have been notified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


5. Delete old cetificates

After everything is working fine you can go ahead and delete old certificates (make sure you have selected correct thumbprint)

Run cmdlet below:

Remove-certificate -thumbprint

Now you have done renewal of you certificate thru KPI CA.

Categories: Exchange 2007
  1. March 12, 2012 at 4:10 pm

    I like that site layout ! How was it made. Its really good!

  2. March 15, 2012 at 9:53 pm

    Thanks for your comment. Its very simple just create new blog on wordpress and select INove by NeoEase format.

  3. July 16, 2013 at 11:56 am

    Hi there, You’ve done a great job. I’ll certainly digg it and personally recommend to
    my friends. I am sure they’ll be benefited from this site.

    • July 19, 2013 at 9:43 am

      Glad to see it helped you :). Keep visiting and rocking !!!

  4. July 22, 2013 at 3:33 am

    Just wish to say your article is as surprising. The clarity for your submit is simply excellent
    and that i can suppose you’re an expert on this subject. Well with your permission allow me to snatch your RSS feed to stay updated with drawing close post. Thank you one million and please keep up the enjoyable work.

  5. July 23, 2013 at 5:07 am

    After looking over a handful of the blog articles on your blog, I honestly like your
    technique of writing a blog. I saved it to my bookmark site list and
    will be checking back in the near future. Take a look at my website too and let me know your opinion.

  6. July 23, 2013 at 9:31 am

    Hello to all, since I am truly eager of reading this webpage’s post to be updated daily. It includes pleasant information.

  7. July 23, 2013 at 9:33 am

    Hello there, just became alert to your blog through Google, and found that it’s really informative. I’m gonna watch out for brussels.

    I will be grateful if you continue this in future. Numerous people will be benefited from your writing.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: