Cloning Self-Signed Certificates on HUB transport servers
Hi all,

Our certificates on our HUB servers will expire soon, so I'm just wondering if the following command will renew the certificate. More specifically, do I have to specify the time when the certificate will be valid, or will this command make the new certificate the SAME as the old one, and will it last for ONE year from the time when I run this command? Can there be any impact on the mail flow after running this command?

Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate

http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx#CertificateTrustandValidation

All the best, and thanks!!!!
Zarko
July 26th, 2010 9:20am

Hello,

This link will answer all your questions:

Clone an Existing Certificate
http://technet.microsoft.com/en-us/library/ee861121.aspx

Arun Kumar | MCSE - 2K3 + Messaging | ITIL-F V3
July 26th, 2010 6:45pm

Hi,

"Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate"

This command will not cause problems on message flow. It clones a certificate from your existing certificate. The new certificate is the same as the old one. They have the same certificate domains.

If the existing certificate is being used as the default SMTP certificate, you will get the following prompt:

Confirm
Overwrite existing default SMTP certificate, ‘C5DD5B60949267AD624618D8492C4C5281FDD10F’ (expires 8/22/2008 7:20:34 AM), with certificate ’3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E’ (expires 1/28/2009 7:37:31 AM)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is “Y”):

The default SMTP certificate is used to encrypt SMTP sessions between transport servers in your organization. Type y to continue. A new certificate is generated.

Self-signed certificates that are created by Exchange expire in one year. The internal components that rely on the default self-signed certificates continue to operate even if the self-signed certificate has expired. However, when the self-signed certificate has expired, events are logged in Event Viewer. It is a best practice to renew the self-signed certificates before they expire.
July 27th, 2010 5:18am

Hi,

"Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate"

This command will not cause problems on message flow. It clones a certificate from your existing certificate. The new certificate is the same as the old one. They have the same certificate domains.

If the existing certificate is being used as the default SMTP certificate, you will get the following prompt:

Confirm
Overwrite existing default SMTP certificate, ‘C5DD5B60949267AD624618D8492C4C5281FDD10F’ (expires 8/22/2008 7:20:34 AM), with certificate ’3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E’ (expires 1/28/2009 7:37:31 AM)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is “Y”):

The default SMTP certificate is used to encrypt SMTP sessions between transport servers in your organization. Type y to continue. A new certificate is generated.

Self-signed certificates that are created by Exchange expire in one year. The internal components that rely on the default self-signed certificates continue to operate even if the self-signed certificate has expired. However, when the self-signed certificate has expired, events are logged in Event Viewer. It is a best practice to renew the self-signed certificates before they expire.

Note that since Exchange 2007 SP2, the self-signed Exch certificate has a 5-year validity.
July 27th, 2010 5:43am
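Added example (not posted by anyone in this thread, and not Microsoft's own script): one way to find the self-signed SMTP certificates that are close to expiry, clone them with the command discussed above, and confirm what the clone actually looks like. It assumes it is run in the Exchange Management Shell on the Hub Transport server; $WarnDays and the other variable names are illustrative.

```powershell
# Added example. Run in the Exchange Management Shell on the Hub Transport server.
# $WarnDays is an assumed threshold, not a value taken from the thread.
$WarnDays = 30
$cutoff   = (Get-Date).AddDays($WarnDays)

# 1. Inventory: self-signed certificates enabled for SMTP that expire before the cutoff.
$expiring = @(Get-ExchangeCertificate | Where-Object {
    $_.IsSelfSigned -and
    ([string]$_.Services -match 'SMTP') -and
    ($_.NotAfter -lt $cutoff)
})

if ($expiring.Count -eq 0) {
    Write-Host "No self-signed SMTP certificate expires within $WarnDays days."
    return
}
$expiring | Format-List Thumbprint, Subject, CertificateDomains, Services, NotBefore, NotAfter

# 2. Clone each one. The overwrite prompt for the default SMTP certificate is
#    left interactive on purpose so the operator sees both thumbprints.
foreach ($old in $expiring) {
    $new = Get-ExchangeCertificate -Thumbprint $old.Thumbprint | New-ExchangeCertificate
    if (-not $new) {
        Write-Host "No clone created for $($old.Thumbprint)."
        continue
    }

    # 3. Verify the clone instead of assuming it: same domains, later expiry, SMTP enabled.
    $oldDomains = ($old.CertificateDomains | ForEach-Object { $_.ToString() } | Sort-Object) -join ','
    $newDomains = ($new.CertificateDomains | ForEach-Object { $_.ToString() } | Sort-Object) -join ','
    $check      = Get-ExchangeCertificate -Thumbprint $new.Thumbprint

    Write-Host ("Old : {0}  expires {1}" -f $old.Thumbprint, $old.NotAfter)
    Write-Host ("New : {0}  expires {1}" -f $check.Thumbprint, $check.NotAfter)
    Write-Host ("Domains match : {0}" -f ($oldDomains -eq $newDomains))
    Write-Host ("Services      : {0}" -f $check.Services)
    if ($check.NotAfter -le $old.NotAfter) {
        Write-Warning "New certificate does not expire later than the old one."
    }
}

# The old certificates stay in the store; review them before removing any
# with Remove-ExchangeCertificate.
```

The NotAfter value printed for the new certificate shows which validity period the server applied (one year, or five years on Exchange 2007 SP2 and later, as noted above).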

Tnx All
July 27th, 2010 8:56am

This topic is archived. No further replies will be accepted.