Cloning Self-Signed Certificates on HUB transport servers
Hi all, our certificates on our HUB servers will expire soon, so I'm just wondering if the following command will renew the certificate. More specifically, do I have to specify the time when the certificate will be valid, or will this command make the new certificate the SAME as the old one, and will it last for ONE year from the time when I run this command?
Can there be any impact on the mail flow after running this command?
Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx#CertificateTrustandValidation
All the best, and thanks!!!!
Zarko
July 26th, 2010 9:20am
Hello,
This link will answer all your questions
Clone an Existing Certificate
http://technet.microsoft.com/en-us/library/ee861121.aspx
Arun Kumar | MCSE - 2K3 + Messaging | ITIL-F V3
July 26th, 2010 6:45pm
Hi,
"Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate"
This command will not cause problems on message flow. It clones a certificate from your existing certificate. The new certificate is the same as the old one. They have the same certificate domains.
If the existing certificate is being used as the default SMTP certificate, you will get the following prompt:
Confirm
Overwrite existing default SMTP certificate,
'C5DD5B60949267AD624618D8492C4C5281FDD10F' (expires 8/22/2008 7:20:34 AM), with certificate '3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E' (expires 1/28/2009 7:37:31 AM)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is “Y”):
The default SMTP certificate is used to encrypt SMTP sessions between transport servers in your organization.
Type y to continue. A new certificate is generated.
Self-signed certificates that are created by Exchange expire in one year. The internal components that rely on the default self-signed certificates continue to operate even if the self-signed certificate has expired. However, when the self-signed certificate has expired, events are logged in Event Viewer. It is a best practice to renew the self-signed certificates before they expire.
July 27th, 2010 5:18am
Note that since Exchange 2007 SP2, the self-signed Exch certificate has a 5 year validity.
July 27th, 2010 5:43am
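Because the replies above give different lifetimes for Exchange self-signed certificates (one year, or five years since Exchange 2007 SP2), a renewal check is better driven by each certificate's actual NotAfter date than by an assumed lifetime. The following is an added example, not code from the thread or from Microsoft; the function name Get-CertRenewalReport, the 30-day threshold and the sample certificates are assumptions made for illustration, and it assumes PowerShell 2.0 or later.

```powershell
# Added example, not from the thread. Works on any objects that expose the
# Thumbprint, NotAfter, IsSelfSigned, Services and CertificateDomains
# properties that Get-ExchangeCertificate returns.
function Get-CertRenewalReport {
    param(
        [Parameter(ValueFromPipeline = $true)] $Certificate,
        [int] $WarnDays = 30,               # hypothetical threshold, choose your own
        [datetime] $Now = (Get-Date)
    )
    process {
        # Whole days remaining until expiry; negative means already expired.
        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
        if (-not $Certificate.IsSelfSigned) { $action = 'Not self-signed: out of scope here' }
        elseif ($daysLeft -lt 0)            { $action = 'Expired: clone now' }
        elseif ($daysLeft -le $WarnDays)    { $action = 'Clone before expiry' }
        else                                { $action = 'OK' }
        New-Object PSObject -Property @{
            Thumbprint = $Certificate.Thumbprint
            Services   = $Certificate.Services
            Domains    = ($Certificate.CertificateDomains -join ', ')
            NotAfter   = $Certificate.NotAfter
            DaysLeft   = $daysLeft
            Action     = $action
        } | Select-Object Thumbprint, Services, Domains, NotAfter, DaysLeft, Action
    }
}

# Constructed sample data so the function can be tried away from the server.
$asOf = [datetime]'2010-07-26'
$sample = @(
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-1'; IsSelfSigned = $true
        Services = 'SMTP'; CertificateDomains = @('hub01', 'hub01.example.local')
        NotAfter = [datetime]'2010-08-10' }),
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-2'; IsSelfSigned = $true
        Services = 'SMTP'; CertificateDomains = @('hub02', 'hub02.example.local')
        NotAfter = [datetime]'2010-07-01' }),
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-3'; IsSelfSigned = $true
        Services = 'SMTP'; CertificateDomains = @('hub03', 'hub03.example.local')
        NotAfter = [datetime]'2014-11-02' })
)
$sample | Get-CertRenewalReport -Now $asOf | Format-Table -AutoSize

# On a Hub Transport server (Exchange Management Shell):
#   Get-ExchangeCertificate | Get-CertRenewalReport
# then clone a flagged certificate with the command from the thread:
#   Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate
```

Running the report again after cloning shows the new thumbprint with its own NotAfter, which can be compared with the old entry's Domains and Services columns.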
Tnx All
July 27th, 2010 8:56am