From LedHed's Wiki
(Created page with 'From the Exchange Management Shell Get the current Certificate:<br> Get-ExchangeCertificate -domain "MAIL_SERVER_HOSTNAME" | fl Generate a Certificate with a new expiration da...') |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | From the Exchange Management Shell | + | == Get Current Certificate Info == |
| + | From the Exchange Management Shell<br> | ||
Get the current Certificate:<br> | Get the current Certificate:<br> | ||
Get-ExchangeCertificate -domain "MAIL_SERVER_HOSTNAME" | fl | Get-ExchangeCertificate -domain "MAIL_SERVER_HOSTNAME" | fl | ||
| + | |||
| + | |||
| + | == Create a New Certificate == | ||
Generate a Certificate with a new expiration date:<br> | Generate a Certificate with a new expiration date:<br> | ||
| Line 9: | Line 13: | ||
If the current Certificate is in use then you will be prompted to overwrite it.<br> | If the current Certificate is in use then you will be prompted to overwrite it.<br> | ||
| − | View the new Certificate | + | ''' ''NOTE: '' ''' IF you want to export this certificate (i.e. you want to deploy it via Group Policy) then you need to pass this flag at the time of creation, you '''cannot''' change this setting without creating a new certificate! |
| + | -PrivateKeyExportable:$true | ||
| + | |||
| + | |||
| + | == View the new Certificate == | ||
| + | |||
Get-ExchangeCertificate -thumbprint "NEW_CERT_THUMBPRINT" | fl | Get-ExchangeCertificate -thumbprint "NEW_CERT_THUMBPRINT" | fl | ||
| + | |||
| + | |||
| + | == Enable New Certificate for IIS == | ||
| + | |||
| + | Enable-ExchangeCertificate -thumbprint "NEW_CERT_THUMBPRINT" -services IIS | ||
| + | |||
| + | == Delete old Certificate == | ||
| + | From the Exchange Management Shell<br> | ||
| + | |||
| + | Remove-ExchangeCertificate -thumbprint "OLD_CERT_THUMBPRINT" | ||
| + | |||
== References == | == References == | ||
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html | http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html | ||
| + | http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-exchange-certificates.html | ||
[[Category:Exchange 2007]] | [[Category:Exchange 2007]] | ||
Latest revision as of 15:47, 25 January 2011
Contents
Get Current Certificate Info
From the Exchange Management Shell
Get the current Certificate:
Get-ExchangeCertificate -domain "MAIL_SERVER_HOSTNAME" | fl
Create a New Certificate
Generate a Certificate with a new expiration date:
Get-ExchangeCertificate -thumbprint "CURRENT_CERT_THUMBPRINT" | New-ExchangeCertificate
If the current Certificate is in use then you will be prompted to overwrite it.
NOTE: IF you want to export this certificate (i.e. you want to deploy it via Group Policy) then you need to pass this flag at the time of creation, you cannot change this setting without creating a new certificate!
-PrivateKeyExportable:$true
View the new Certificate
Get-ExchangeCertificate -thumbprint "NEW_CERT_THUMBPRINT" | fl
Enable New Certificate for IIS
Enable-ExchangeCertificate -thumbprint "NEW_CERT_THUMBPRINT" -services IIS
Delete old Certificate
From the Exchange Management Shell
Remove-ExchangeCertificate -thumbprint "OLD_CERT_THUMBPRINT"
References
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-exchange-certificates.html