Expired Exchange Certificate in Test environment

Not applicable

I am working in a test environment I inherited from someone else. I am familiar with every version of Exchange starting with 4.0, but not Exchange 2016. The two servers have SAN certificates that have expired. Since it is test, no one really cares, except me, so I need to know the best way to fix it. The easiest way is to just use the EAC but since the certificate is expired, the Renew link is not active. I tried using the wizard (+) sign, but it only gives me the option to create a self-signed certificate. Not one one to submit to a CA. I quickly did the self-signed and deleted the expired ones, but how to I create a certificate to submit to our internal test CA?

6 Replies


To create a certificate for submission to a Certificate Authority (CA) for Exchange, you can follow these general steps:

  1. Open the Exchange Management Console (EMC) on your Exchange server.

  2. Navigate to the "Server Configuration" tab and select the server that you want to generate the certificate for.

  3. In the Actions pane, click "New Exchange Certificate" to start the Certificate Wizard.

  4. On the Introduction page, click Next to proceed.

  5. On the Request Information page, enter the required information, such as the fully qualified domain name (FQDN) of your Exchange server and your organization's name.

  6. On the Domain Scope page, select the domains for which you want the certificate to be valid, such as your internal domain name and your external domain name.

  7. On the Exchange Services page, select the Exchange services that you want to assign the certificate to, such as Outlook Web App (OWA), Exchange ActiveSync, and Autodiscover.

  8. On the Certificate Name page, enter a name for the certificate.

  9. On the Organization and Location Information page, enter the organization and location information for the certificate.

  10. On the File to Save the Certificate page, specify the location where you want to save the certificate request file.

  11. Review your selections on the Summary page, and click New to create the certificate request.

  12. Submit the certificate request file to your CA for processing.

  13. After the CA issues the certificate, use the "Complete Pending Request" wizard in the EMC to import and assign the certificate to the appropriate Exchange services.

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

Thanks but this is what I did. The problem is the only option I had was to create a Self Signed Certificate. There was no option to create a CSR for a certificate authority. I don't know if the Self Signed is what I want. Typically I do this using the MMC snapin but I am on Windows Server 2016 and I can't seem to find the MMC. In the past I just typed MMC in the search box but with older versions of Windows.
open CMD and type mmc.msc and hit enter and the mmc should open then navigate to file and add and remove snap in and add the certificate section
Thanks, but that did not work. Tried Windows PowerShell and Exchange PowerShell in addition to CMD. Is this a feature that needs to be added?
best response

@Deleted my bad just open cmd as admin and type mmc only and hit enter 




Thanks, that worked!
1 best response

Accepted Solutions
best response

@Deleted my bad just open cmd as admin and type mmc only and hit enter 




View solution in original post