Updating SSL Certificate

Copper Contributor

Hello!   I am trying to update our expiring SSL certificate and here is what I am following to do so:

 

To Install an Intermediate Certificate in Microsoft Exchange Server 2016

  1. Click Start, and then click Run....
  2. Type mmc, and then click OK. The Microsoft Management Console (Console1) window opens.
  3. In the Console1 window, click File, and then select Add/Remove Snap-in.
  4. In the Add or Remove Snap-ins window, select Certificates, and then click Add.
  5. In the Computer Account window, select Computer Account, and then click Next.
  6. In the Select Computer window, select Local Computer, and then click Finish.
  7. In the Add or Remove Snap-ins window, click OK.
  8. In the Console1 window, click + to expand the Certificates (Local Computer) folder on the left.
  9. Right-click Intermediate Certification Authorities, mouse over All Tasks, and then click Import.
  10. In the Certificate Import Wizard window, click Next.
  11. Click Browse to find the intermediate certificate file.
  12. In the Open window, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7b file, and then click Open.
  13. In the Certificate Import Wizard window, click Next.
  14. Select Place all certificates in the following store, and then click Browse.
  15. In the Select Certificate Store window, select Intermediate Certification Authorities, and then click OK.
  16. In the Certificate Import Wizard window, click Next.
  17. Click Finish.
  18. Click OK.
  19. Close the Console1 window, and then click No to remove the console settings.
  1. To Install an SSL Certificate in Microsoft Exchange Server 2016
    1. Log in to the Exchange Admin Center.
    2. From the left menu, select Servers, and then click Certificates.
    3. Select your certificate (it has a “Pending request” status), and then click Complete.
  2. For File to import from, enter the certificate file path we provided (such as \\server\folder\coolexample.crt), and then click OK. Exchange installs your certificate.
  3. In the Certificates section, select your certificate again (the status changed to “Valid”), and then click Edit (pencil icon).
  4. Click Services, select the services to which the certificate applies (SMTP, UM, UM call router, IMAP, POP, and/or IIS), and then click OK. Your certificate is now ready to use with Exchange 2016.

 

 

The issue I get is at the "pending certificate" does not show up in the list in EAS, just the original certificate still showing "expires on" as shown in the image.   I have tried several times, verified that I am downloading the Exchange SLL, verified that it is for this particular server, restarted IIS etc etc.  The server is on prem physical Windows 2016 Exchange server and there is only only one.

 

Ideas?

Thanks!

2 Replies

@RoRoSystems 

 

Was the initial CSR generated on the same exchange server? or just imported from a previously sourced pfx?

 

 

An SSL certificate is crucial for website security, encrypting data transmission, and fostering trust with visitors. However, these certificates have a limited lifespan, typically 1 or 2 years. It's essential to renew before expiration to ensure sustained security and prevent potential issues like security vulnerabilities, website warning messages, and drops in search engine rankings. If you'd like to explore further, check out these blogs for detailed insights. https://www.cheapsslshop.com/blog/category/ssl-certificate-installation