Forum Discussion
EMR88
Mar 09, 2024, Copper Contributor
Trouble Renewing self-signed Exchange 2019 certificate
I have an Exchange 2019 CU14 server whose self-signed certificate (for IIS and SMTP) has expired. I used the Get-ExchangeCertificate cmdlet to find the thumbprint for the expired certificate. How...
EMR88
Apr 05, 2024, Copper Contributor
Thanks for your post. Although no one replied, I did find the solution using PowerShell.
$newAuthCertificate = New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName @()
SAY N (No) to overwriting the existing SMTP certificate
Set-AuthConfig -NewCertificateThumbprint $newAuthCertificate.Thumbprint -NewCertificateEffectiveDate (Get-Date).AddHours(49)
You may find this article helpful:
https://learn.microsoft.com/en-us/answers/questions/597361/how-to-renew-microsoft-exchange-server-auth-certif
SaschaSeipp
Apr 05, 2024, Brass Contributor
EMR88 Well, the Auth certificate, from my understanding, is something other than the one used for IIS and SMTP, although when only using self-signed certs it might not matter to Exchange. I think the important thing, which you then also used, is that you may just generate a new certificate and don't necessarily need to "renew" the old one.
Again, from my understanding: For a regular web server, you can just let the CA renew the certificate and use that with your given private key (which obviously can't work for self-signed certs when there is no CA involved). But in Exchange this seems not to be possible even for CA certs. Which is not a problem once you have figured out how it works.
But the important thing is that we both found a solution!
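The thread turns on whether the certificate bound to IIS and SMTP is the same one the Auth configuration uses. The following read-only inventory is an added example, not code from either poster; it assumes it is run in the Exchange Management Shell, and the `$warnDays` window is an assumed value. It lists each certificate with its bound services and its role in `Get-AuthConfig`, so the expired one can be identified before anything is replaced.

```powershell
# Added example (not from the thread). Read-only: lists certificates, changes nothing.
$warnDays = 30          # assumed warning window; adjust to your renewal policy
$now      = Get-Date
$auth     = Get-AuthConfig

# Map every thumbprint referenced by the Auth configuration to its role.
$authRoles = @{}
foreach ($role in 'Current', 'Next', 'Previous') {
    $tp = $auth."${role}CertificateThumbprint"
    if ($tp) { $authRoles[$tp] = $role }
}

$report = foreach ($cert in Get-ExchangeCertificate) {
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

    if     ($daysLeft -lt 0)          { $state = 'EXPIRED' }
    elseif ($daysLeft -le $warnDays)  { $state = 'EXPIRING' }
    else                              { $state = 'OK' }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Services   = $cert.Services                 # services bound to this certificate
        AuthRole   = $authRoles[$cert.Thumbprint]   # empty if AuthConfig does not use it
        SelfSigned = $cert.IsSelfSigned
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        State      = $state
    }
}

$report | Sort-Object NotAfter | Format-Table -AutoSize

# Flag an Auth configuration that points at a certificate this server does not hold.
$installed = @($report | ForEach-Object { $_.Thumbprint })
foreach ($tp in $authRoles.Keys) {
    if ($authRoles[$tp] -ne 'Previous' -and $installed -notcontains $tp) {
        Write-Warning "AuthConfig $($authRoles[$tp]) thumbprint $tp is not installed on this server"
    }
}
```

A row with an empty `AuthRole` and `IIS` or `SMTP` under `Services` is a transport/web certificate, not the Auth certificate, so replacing one does not replace the other.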