Exchange 2007 smtp certificate expired
Hi, it appears that the self signed tls certificate has expired on our exchange 2007 server, i have gone into the command shell and run the cmdlet New-ExchangeCertificate which stated do you want to replace the old cert with a new one, which we said yes too, however, our outlook 2007 clients still get requested to install the old cert from the server, they do not seem to be picking up the new one. is there something else that needs to be done to the the new certificate to be valid, pushed out etc. Regards. Chris.
September 24th, 2009 11:16am

Can you post the result of Get-ExchangeCertificate | FL here?Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
Free Windows Admin Tool Kit Click here and download it now
September 24th, 2009 11:24am

here is what we get from running the command: [PS] C:\Windows\System32>Get-ExchangeCertificate | FL AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {Vssrv7, Vssrv7.xxx.local} HasPrivateKey : True IsSelfSigned : True Issuer : CN=Vssrv7 NotAfter : 24/09/2010 09:10:27 NotBefore : 24/09/2009 09:10:27 PublicKeySize : 2048 RootCAType : None SerialNumber : 56FBB8FFDA7275A64FB3745389ED4E96 Services : IMAP, POP, SMTP Status : Valid Subject : CN=Vssrv7 Thumbprint : 112B60F6CB8FF4739F827DFBB8BD8DDA24288322 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {Vssrv7, Vssrv7.xxx.local} HasPrivateKey : True IsSelfSigned : True Issuer : CN=Vssrv7 NotAfter : 23/09/2010 15:35:25 NotBefore : 23/09/2009 15:35:25 PublicKeySize : 2048 RootCAType : None SerialNumber : 11D53A975CB430B44496EC4AAD55D2FF Services : IMAP, POP, SMTP Status : Valid Subject : CN=Vssrv7 Thumbprint : F1C48660096A4AD36341FC64BA3018427BCD9616 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule} CertificateDomains : {Vssrv7, Vssrv7.xxx.local} HasPrivateKey : True IsSelfSigned : True Issuer : CN=Vssrv7 NotAfter : 23/09/2009 12:46:45 NotBefore : 23/09/2008 12:46:45 PublicKeySize : 2048 RootCAType : Unknown SerialNumber : A3ED5EF2F1A7529446C8FEACF68C662E Services : IMAP, POP, IIS, SMTP Status : Invalid Subject : CN=Vssrv7 Thumbprint : 0D29DBE63DC95B9C9E1C1DFC78E2F1D024F0947C AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {WMSvc-VSSRV7} HasPrivateKey : True IsSelfSigned : True Issuer : CN=WMSvc-VSSRV7 NotAfter : 21/09/2018 12:23:59 NotBefore : 23/09/2008 12:23:59 PublicKeySize : 2048 RootCAType : Registry SerialNumber : BC5CC1CD2C473EB64656AC60347528C5 Services : None Status : Valid Subject : CN=WMSvc-VSSRV7 Regards. Chris
September 24th, 2009 11:31am

Run below cmdlet to enable IIS service with renewed certificate. Enable-ExchangeCertificate -thumbprint "112B60F6CB8FF4739F827DFBB8BD8DDA24288322" -services IIS Once you stop getting prompted for old certicifate, remove the old one with below cmdlet... Remove-ExchangeCertificate -thumbprint "0D29DBE63DC95B9C9E1C1DFC78E2F1D024F0947C"Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
Free Windows Admin Tool Kit Click here and download it now
September 24th, 2009 11:41am

ran the commands you suggested and restarted outlook, did not get prompted to install old cert, will see how it goes. Thanks again. Chris.
September 24th, 2009 11:46am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics