Regenerate Self Signed Certificate Exchange 2007 / 2010


To Regenerate the Self Signed Certificate for Exchange this might be a bit tricky.

Open the Exchange Power Shell.

For SBS Server the names of the certificates it’s sites, you need to get the certificate name to be able to regenerate.

Get-ExchangeCertificate -domain “Sites” | fl

Note the ThumbPrint Value.

Generate the New Certificates

Get-ExchangeCertificate -thumbprint “D1B3829EC891FD53C1F87FF8359FFBEE8E3FB412” | New-ExchangeCertificate

Answer A to All

Enable Exchange Certificate for all the services

Enable-ExchangeCertificate -thumbprint “D1B3829EC891FD53C1F87FF8359FFBEE8E3FB412” -services IIS

After the certificate renew, you might receive on the server and the workstation

“This Ca Root Certificate Is Not Trusted. To enable Trust, Install This Certificate In The Trusted Root Certification Authorities Store”

Go to the Default Web Site in IIS and remove the Self Signed Cert **** The old one **** Check the certificate Date. Right click the Default Web Site, Directory Security, Server Certificate, Next, and Remove the cert.

Open Certificates in MMC. Go to Run, MMC. File Add Remove Snap In, Add Certificates; Computer Account; Local Computer and Click OK.

Copy the new cert to the Trusted Root Certification Authorities Certificates.

Go back to the Default Website in IIS, Properties, Diretory Security, Server Certificate. Assign an existing certificate and choose the new cert that was created.

Open a prompt : IISRESET

Leave a Reply

Your email address will not be published. Required fields are marked *