I have ISA 2004, Exchange Server 2007 both running Windows 2003 server. I have a self-signing certificate that was created by the Exchange Server. This certificate will expire in a week. How do I renew this certificate? How can I, if possible, renew it for more than a year? This certificate was exported and added to the listener property of the Web Publishing Rule in ISA 2004. This rule has OWA and Microsoft-Server-ActiveSync also as the paths. I have owa and iphone users. Thank you ScottL

For Exchange 2007: http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "sloeb" wrote in message news:d1abb593-6cf2-40cf-a038-231493ab5c33... I have ISA 2004, Exchange Server 2007 both running Windows 2003 server. I have a self-signing certificate that was created by the Exchange Server. This certificate will expire in a week. How do I renew this certificate? How can I, if possible, renew it for more than a year? This certificate was exported and added to the listener property of the Web Publishing Rule in ISA 2004. This rule has OWA and Microsoft-Server-ActiveSync also as the paths. I have owa and iphone users. Thank you ScottLEd Crowley MVP "There are seldom good technological solutions to behavioral problems."

After I renewed the certificate and enabled IIS, I tried to export it using the Export-ExchangeCertificate command. Once it asked me for the user name and password it came back and gave me the following error: Export-ExchangeCertificate : Cannot gain access to the private key or it is not exportable, and as a result cannot export as PKCS-12. Parameter name: Thumbprint At line:1 char:27 I used the Thumbprint of the renewed certificate. Also I used several user names and passwords, the Administrator for my domain, the administrator for the local server. Do I need to do something to it to make it exportable? I can export the old certificate with the Export-ExchangeCertificate command. ScottL

There's no point in trying to export a self-signed certificate. It's of no use anywhere else. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "sloeb" wrote in message news:3fc5936f-507d-4f0a-917d-3ef398e215f6... After I renewed the certificate and enabled IIS, I tried to export it using the Export-ExchangeCertificate command. Once it asked me for the user name and password it came back and gave me the following error: Export-ExchangeCertificate : Cannot gain access to the private key or it is not exportable, and as a result cannot export as PKCS-12. Parameter name: Thumbprint At line:1 char:27 I used the Thumbprint of the renewed certificate. Also I used several user names and passwords, the Administrator for my domain, the administrator for the local server. Do I need to do something to it to make it exportable? I can export the old certificate with the Export-ExchangeCertificate command. ScottLEd Crowley MVP "There are seldom good technological solutions to behavioral problems."

After I renewed the certificate and enabled IIS, I tried to export it using the Export-ExchangeCertificate command. Once it asked me for the user name and password it came back and gave me the following error: Export-ExchangeCertificate : Cannot gain access to the private key or it is not exportable, and as a result cannot export as PKCS-12. Parameter name: Thumbprint At line:1 char:27 I used the Thumbprint of the renewed certificate. Also I used several user names and passwords, the Administrator for my domain, the administrator for the local server. Do I need to do something to it to make it exportable? I can export the old certificate with the Export-ExchangeCertificate command. Hi ScottL, Did you try to export certificate from MMC? If you still cannot export it from MMC, please renew the certificate again. (add -PrivateKeyExportable:$True) Get-ExchangeCertificate -Thumbprint "number" | New-ExchangeCertificate -PrivateKeyExportable:$True After that, try to export the newest certificate from MMC. Don't forget to enable services on the new certificate.Frank Wang

Hi ScottL, How about your question? Any updates?Frank Wang

The command Get-ExchangeCertificate -Thumbprint "number" | New-ExchangeCertificate -PrivateKeyExportable:$True worked great. I can export it and import it in my ISA server. Thank you all ScottLScottL