This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 7.000000000000001%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Hi All
I am using exchange 2016 hybrid environment. lets say my domain is contoso.com and i am using wild certificate *.contoso.com which has expired. i went to certificates and added the new wildcard certificate and noted the thumbprint. i followed the below steps but how do i validate tls certificate is renewed for these connectors
Default Frontend server01, Client Frontend server01, Anonymous Relay server01, Inbound Office 365
Get-SendConnector |fl name,TlsCertificateName
Get-TransportService server01 | Get-ReceiveConnector | fl name,tls*
$c = Get-ExchangeCertificate -Server server01 -Thumbprint 1111111111111111111111111111111111
$tcert = "<i>$($c.Issuer)<s>$($c.Subject)"
$tcert
Get-ReceiveConnector "server01\Default Frontend server01" | Set-ReceiveConnector -TlsCertificateName $tcert
Get-ReceiveConnector "server01\Client Frontend server01" | Set-ReceiveConnector -TlsCertificateName $tcert
Get-ReceiveConnector "server01\Anonymous Relay server01" | Set-ReceiveConnector -TlsCertificateName $tcert
Get-ReceiveConnector "server01\Inbound Office 365" | Set-ReceiveConnector -TlsCertificateName $tcert
You mean, you want to make sure the connectors are using that new cert?
If so enable protocol logging on those connectors and check the text logs created after you enable it. It will show what cert is being used. You can search for the new thumbprint