• Enfield, Waltham Abbey
  • 0844 567 4250


How to renew a self signed certificate in Exchange Server 2007

Nov 24

Written by:
Thu, 24 Nov 2011 22:06:13 GMT  RssIcon

The Exchange 2007 self signs a certificate when the server role is first added for all the Exchange services that run in unison with IIS (smtp & owa etc). The  certificate expires after one  year from the date the server was first installed or the date the certificate was assigned manually.

First, check the status of the certificate by opening the Exchange Management Shell and executing the command 'Get-ExchangeCertificate |FL' - this displays all information about the currently assigned certificates and the status of each certificate.

It is common that they may be more than one certificate listed in the display - if that is the case, find the certificate that shows an expired date in the field 'NotAfter' - as this defines when each certificate becomes invalid/expired. An expired certificate may cause problems such as connectivity to web services, SMTP transport and Outlook prompting certificate security warnings.

Use the following steps to generate a new certificate and enable it to run IIS services:

1. Type 'Get-ExchangeCertificate |FL' – This only lists details of certificates that are assigned to Exchange Services. Then note down the Thumbprint of the expired certificate.

2. Then type 'Get-ExchangeCertificate –Thumbprint “9E6DD4B4EA2865CA9E6C34B42329A9AC994EBF63” | New-ExchangeCertificate' . This generates a new certificate, and you will then be prompted to confirm if you want to overwrite the expired certificate and use the new one for the SMTP service.

3. If you run the cmdlet in step 1 you will notice the new certificate is not used to secure IIS services anymore. Make a note of the new thumbprint and run the following command typing the new thumbprint between the quotation marks: 'Enable-ExchangeCertificate – Thumbprint “7A843B04EA2865CA9E6C34B42329AEE4456F9013” –Services IIS'

4. Be sure to verify all the services are working correctly after renewing and enabling the certificate - test Outlook clients by closing and opening Outlook to esnure there are no security certificate warnings.

6. Finally, Remove the old certificate by typing the following cmdlet into the management shell: Remove-ExchangeCertificate –Thumbprint “9E6DD4B4EA2865CA9E6C34B42329A9AC994EBF63".


After trying the steps above if you are still having problems trying to renew the certificate or you get Security Warnings please do not hesitate to Contact US and one of our Engineers will be happy to help.

Please Read:

If this Free tutorial was able to help - show us some support and help keep this knowledge base free by liking us on facebook, +1 us on Google Plus, install our amazing toolbar for instant access to our RSS feeds, follow us on twitter for all the latest trends in I.T and finally join our fantastic community forum where you can find help on all things I.T - from building your own PC to fix-it-yourself solutions from the Pros!

**Revenue from Pay-Per-Click Advertising is used to support this forum, any excess is donated to Doctors Without Borders**

Copyright Passionate About I.T © 2012

5 comments so far...


There is a space before "Thumbnail" in step 3. Took me a few seconds to notice it, but enough to cause an error at this point...otherwise and excellent guide. Thank you :-)

By Julian on   Thu, 04 Oct 2012 14:37:04 GMT


By 3nc1k on   Fri, 08 Mar 2013 08:13:31 GMT

100% thank you very much for your help to others wrt ,,, IT Tech's

By mitch on   Mon, 27 May 2013 09:48:49 GMT

Works like a charm!

By Thnx on   Mon, 13 Apr 2015 10:13:28 GMT

Hi, thanks for this guide, but I am facing two issues....The certificate is not saving to C:\ and IIS service is not enabled with new certificate. Please advise what could be the issue.

By Manoj on   Wed, 15 Apr 2015 06:03:04 GMT

Your name:
Gravatar Preview
Your email:
(Optional) Email used only to show Gravatar.
Security Code
Enter the code shown above in the box below
Add Comment   Cancel 

Contact Us

Have an I.T Problem? Get in touch for an informal chat and find out how we can help

Click here

Blog Calendar

<April 2020>
By continuing to use this site you agree to the use of cookies. To view our policy on cookies click here