I have event 12016. TLS and SMTP cert expired. is it as simple as using new-exchangecertificate and confirming the overwrite?

If you have selfsigned certificate then you can create new self-signed certificate. You can use command New-exchangecertificate, You must then enabe new cert. for SMTP service. http://technet.microsoft.com/en-us/library/bb218138(EXCHG.80).aspx If your cerificate is from trusted CA then you must create new request for your certificate. More you can find on http://technet.microsoft.com/en-us/library/aa998840(EXCHG.80).aspx

that link doesnt tell me much. the other technets say too much.

Get the thumbprint of existing cert Get-ExchangeCertificate -domain “e12postcard.e12labs.com” | fl Then renew the existing cert Get-ExchangeCertificate -thumbprint “C5DD5B60949267AD624618D8492C4C5281FDD10F” | New-ExchangeCertificate You will get prompt to overwrite existing say yes. Check again to see if the valid date range is updated. Get-ExchangeCertificate -thumbprint “3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E” | fl Exchange Server 2007: Renewing the self-signed certificate http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.htmlJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

https://www.digicert.com/easy-csr/exchange2007.htm Please find the certificate command, Get-ExchangeCertificate | fl Reference : http://technet.microsoft.com/en-us/library/bb124950(EXCHG.80).aspx Certificate Use in Exchange Server 2007 http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx Create Certificate for Exchange 2007 Servers using Windows CA Create Certificate for Exchange 2007 Servers using Windows CA Exchange 2007 uses SSL for OWA and SMTP, the exchange certificate created by the installation is not suitable for Exchange 2007 use. You need to create a new certificate using SAN (Subject Alternate Name) extension to support the multi value names used by Exchange servers and clients. Step1: Use Exchange Management Shell to create the CSR (Certificate request) New-ExchangeCertificate -GenerateRequest - Domainname mail.demo.com, ServerName.internal.com, autodiscover.demo.com, ServerName -FriendlyName mail.demo.com -PrivateKeyExportable: $True -path c:\Cert.req The first name in the certificate should be your external server name, the certificate should include the servers FQDN, NetBIOS Name and Autodiscovery for Outlook 2007 users. Step2: Open the CSR file created in the previous step and copy it. Open you CA web page and click the Request a certificate Click the advanced certificate request Select the Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. Paste the CSR from step1 and select the web server template Clicks submit if this is an Enterprise CA your request will be processed immediately else issue the certificate manually and downloaded it for the CA. Click download and save the file. Step3: Now import the certificate to the Exchange server using Exchange Management Shell Import-ExchaneCertificate -path c:\hdhdh.cer | Enable-ExchangeCertificate -Services IIS, SMTP Now the certificate should look like this: The subject should include you external server name (if exposed to the internet) The Subject Alternate Name should include all names supplied in the request