From LedHed's Wiki
Contents
Get Current Certificate Info
From the Exchange Management Shell
Get the current Certificate:
Get-ExchangeCertificate -domain "MAIL_SERVER_HOSTNAME" | fl
Create a New Certificate
Generate a Certificate with a new expiration date:
Get-ExchangeCertificate -thumbprint "CURRENT_CERT_THUMBPRINT" | New-ExchangeCertificate
If the current Certificate is in use then you will be prompted to overwrite it.
NOTE: IF you want to export this certificate (i.e. you want to deploy it via Group Policy) then you need to pass this flag at the time of creation, you cannot change this setting without creating a new certificate!
-PrivateKeyExportable:$true
View the new Certificate
Get-ExchangeCertificate -thumbprint "NEW_CERT_THUMBPRINT" | fl
Enable New Certificate for IIS
Enable-ExchangeCertificate -thumbprint "NEW_CERT_THUMBPRINT" -services IIS
Delete old Certificate
From the Exchange Management Shell
Remove-ExchangeCertificate -thumbprint "OLD_CERT_THUMBPRINT"
References
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-exchange-certificates.html