Need to replace expired Self Assigned Certificate
I need to replace or renew an expired self assigned cert on an Exchange server..... I believe that I will also need to export the cert and the private key to import it into the Trusted Root Certification Authorities of this as well as another Exchange server. I just want to verify what I am thinking is correct as well as the procedure.

To get the thumbprint of the expired certificate:
    Get-ExchangeCertificate | FL

To create a new certificate with exportable private key:
    Get-ExchangeCertificate -thumbprint thumbprint | New-ExchangeCertificate -PrivateKeyExportable $true
    Overwrite existing default SMTP certificate - y

To enable IIS service on the new certificate:
    Enable-ExchangeCertificate -thumbprint thumbprint -services IIS

If I understand the process, these steps should create and activate the new certificate, which will be present on the local Exchange server under Console Root > Certificates (Local Computer) > Certificates > Personal > Certificates. I would still need to export the certificate to file and import it into the Trusted Root Certification Authorities on both local and remote servers. I would also need to remove the expired certs from all locations on both servers. Am I on the right track here?
August 6th, 2012 1:38pm

Yup, that is fine. You can also renew by doing get-exchangecertificate | new-exchangecertificate, or you can just do your method. However, if you do this method and you didn't set the original cert as exportable, then just go ahead and do your method. Yes, you will have to import it into the trusted root store of the other servers.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
August 6th, 2012 5:57pm

If you see the Event ID 12015 on the Exchange server, please also refer to the following TechNet article:
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=12015&EvtSrc=MSExchangeTransport&LCID=1033
Frank Wang TechNet Community Support
August 7th, 2012 4:52am

Checking syntax for export and import:

Export Certificate?
    Export-ExchangeCertificate -Thumbprint thumbprint -Path c:\certificates\mycert.pfx

Import Certificate - on all Exchange Servers?
    Import-ExchangeCertificate -Path c:\certificates\mycert.pfx

Anything else I need to be aware of?
just another Steve
August 7th, 2012 12:04pm

Hi Steve,

Please see the "User Action" section in the link I provided:

If this warning occurred on a Hub Transport server, you must create the internal transport certificate on the Hub Transport server where the warning occurred. After you have created the certificate, restart the Microsoft Exchange EdgeSync service to update the certificate information on the Edge Transport servers that are subscribed to the organization.

If this warning occurred on an Edge Transport server, you must create the internal transport certificate on the Edge Transport server where the warning occurred. After you have created the certificate, resubscribe the Edge Transport server to the Exchange organization to update the certificate information in Active Directory. If you are not running the Microsoft Exchange EdgeSync service, you must manually update the certificate.

Frank Wang TechNet Community Support
August 7th, 2012 9:26pm

> Checking syntax for export and import:
> Export Certificate?
>     Export-ExchangeCertificate -Thumbprint thumbprint -Path c:\certificates\mycert.pfx
> Import Certificate - on all Exchange Servers?
>     Import-ExchangeCertificate -Path c:\certificates\mycert.pfx
> Anything else I need to be aware of?
> just another Steve

I can't come up with any good reason to export the Self-Signed Certificate on one server and try to import it on another. What are you trying to accomplish here?
Martina Miskovic
August 8th, 2012 1:11am

Hi Frank,

I'm not seeing the Event ID 12015 on either of the Exchange servers. The Microsoft Exchange EdgeSync service is running on both servers.....
just another Steve
August 8th, 2012 9:28am
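
The renewal steps discussed in this thread, collected into one Exchange Management Shell script. This is an added example, not code from any poster in the thread. It assumes it is run on the server that holds the expired self-signed certificate and that the C:\certificates folder from the thread already exists; the .cer file name is constructed. Unlike the .pfx export asked about above, it exports only the public certificate, because adding a certificate to Trusted Root Certification Authorities does not require its private key.

```powershell
# Run in the Exchange Management Shell on the server holding the expired certificate.
$outDir = 'C:\certificates'   # folder name from the thread; assumed to exist

# 1. Find self-signed certificates that have already expired.
$expired = @(Get-ExchangeCertificate |
    Where-Object { $_.IsSelfSigned -and $_.NotAfter -lt (Get-Date) })
if ($expired.Count -eq 0) {
    Write-Host 'No expired self-signed certificates found.'
    return
}

foreach ($old in $expired) {
    Write-Host ("Renewing {0} (expired {1}, services: {2})" -f `
        $old.Thumbprint, $old.NotAfter, $old.Services)

    # 2. Clone the old certificate into a new self-signed one. Answer the
    #    "overwrite existing default SMTP certificate" prompt as in the thread.
    $new = $old | New-ExchangeCertificate -PrivateKeyExportable $true

    # 3. Enable the new certificate for IIS, as in the thread.
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS

    # 4. Export the PUBLIC certificate only (DER-encoded .cer, no private key).
    $cert    = Get-Item ("Cert:\LocalMachine\My\{0}" -f $new.Thumbprint)
    $cerPath = Join-Path $outDir ("exchange-{0}.cer" -f $new.Thumbprint)  # constructed name
    $bytes   = $cert.Export(
        [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($cerPath, $bytes)

    # 5. Trust it locally. Copy the .cer to the other server and run the
    #    same certutil command there.
    certutil -addstore Root $cerPath

    # 6. Preview removal of the expired certificate; drop -WhatIf once the
    #    new certificate is confirmed working.
    Remove-ExchangeCertificate -Thumbprint $old.Thumbprint -WhatIf
}

# 7. Verify the result.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, NotAfter, Services, IsSelfSigned
```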

This topic is archived. No further replies will be accepted.
