This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 79%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Hello,
We are running an Exchange 2016 Standard server (Version 15.1 (Build 466.34)).
The following Self-Signed Certificate recently expired:
Microsoft Exchange Server Auth Certificate
Self-signed certificate
Issuer: CN=Microsoft Exchange Server Auth Certificate
Status
Invalid
Expires on: 2/25/2021
Expires on:Renew
Assigned to services
SMTP
We do have a separate, valid cert that handles IIS & SMTP:
Microsoft Exchange
Self-signed certificate
Issuer: CN=RBS-MAIL
Status
Valid
Expires on: 8/16/2021
Expires on:Renew
Assigned to services
IIS, SMTP
What is the appropriate action to take? Should it simply be renewed?
There is currently no impact, but I want to ensure I do this correctly.
Thanks in advance.
Regards,
Rudy
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @Rudolf Amarlapudi ,
I'd like to follow up to see how things are going with this thread. Have you had a chance to check the replies provided?
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 53%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Hello. I apologize for the delayed response. I'm being very cautious since this is a process I have not performed before. I realized also that I may have submitted the incorrect cert details. The correct one is listed below. Is there anything that I should be concerned about - breaking something else in this process? Anything I should be especially careful about, since there are other certs in current active use? Is the process still the same as that for the certificate I originally submitted for?
[77985-certificate-exchange-ucc-2017.txt][1]![79098-certlist.png][2]![79099-cert1.png][3]![79161-cert2.jpg][4]![79162-cert3.jpg][5]
Hi YukiSun - I'm so sorry for the delayed response. I updated my question - I actually need to first address a different certificate, not the self signed one. Could you please see my update?
I may just submit a new question, and set this as answered.
Regards,
Rudy
Hi Ruby,
I've posted a new reply based on the additional information you provided. You can have a check at your convenience and feel free to post back with any further questions or concerns.
By the way, considering that it's a public forum, for privacy concern, I've just modified the image you shared above to obfuscating the personal information. If you need to share more details in your future posts, it's also recommended to remove any personal data like domain name to protect your personal info. Thanks for your understanding.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi.
yes renew both and its easy :)
For the first: Microsoft Exchange Server Auth Certificate
https://supertechman.com.au/how-to-renew-an-expired-microsoft-exchange-server-auth-certificate/
for the "Microsoft Exchange" cert, follow the steps on my blog:
https://ehloergosum.com/2020/01/25/renewing-that-pesky-microsoft-exchange-certificate/
Hi @Rudolf Amarlapudi ,
From your description, now you only need to renew the expired "Microsoft Exchange Server Auth Certificate". You can follow the first link shared by Andy for the renew procedure or refer to the steps below which are virtually identical:
1.Click the Renew button in EAC.
2.Double click the "Microsoft Exchange Server Auth Certificate", go to the General tab, scroll down and find the new thumbprint, take a note of it for later commands.
3. Put the required information for the next command into variable:
(replace the "NewCertificateThumbprint" with the thumbprint in step2 )
$thumb = "NewCertificateThumbprint"
$date = get-date
4.Run the command below to add the new certificate:
Set-AuthConfig -NewCertificateThumbprint $thumb -NewCertificateEffectiveDate $date
You will get a warning that the new effective date is not 48 hours in the future, but we're OK with that so you can just ignore it.
5.Publish the certificate to all servers using the following command:
Set-AuthConfig -PublishCertificate
6.Then you can remove the old expired certificate from the configuration:
Set-AuthConfig -ClearPreviousCertificate
7.Run an IISReset for the change to take effect.
Here's one more link for your reference:
Expired Microsoft Exchange Server Auth Certificate
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Rudolf Amarlapudi ,
Before we go on, would you please verify if this is still a self-signed certificate as stated earlier in your original post? As from the screenshot you shared above, it seems to me that it's more likely to be a certificated issued by certification authority(From the Issuer field in the second image). You can run the command below and check the value of the IsSelfSigned field:
Get-Exchangecertificate DEE4C09E56600048BA9606E15B7F25F159C8CECA | fl
If you have confirmed that it's a self-signed cert (IsSelfSigned: True), please refer to the steps in the link below to renew the certificate:
Renew an Exchange self-signed certificate
If it's not a self-signed cert, you would need to create a certificate renewal request, and then send the request to the CA. The CA then sends you the actual certificate file that you need to install on the Exchange server.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you, Appreciate it. Typo on my part. It's a UCC.