How to renew Microsoft Exchange Server Auth Certificate (Exchange 2016)

Sathishkumar Singh 486 Reputation points
2021-10-20T11:27:08.147+00:00

Hello All

My Current Infra

1-Primary Domain Controller
1-Secondary Domain Controller + File Server

2-RODC

  1. UK-RODC
  2. Dubai-RODC (Powered Off) No more Office

2 Child Domain

1 Exchange Server 2016 (CU21)
DB01
DB02

Now I want to renew the Microsoft Exchange Server Auth Certificate, which is going to expire on 25/10/2021.
What happens if we haven't renewed it? What are the impacts?

Can you please guide me step by step on how to renew it without any impact? Also, should I check any IIS settings?

Regards
Sathish

Exchange Online

2 answers

  1. Joyce Shen - MSFT 16,701 Reputation points
    2021-10-21T01:44:36.82+00:00

    Hi @Sathishkumar Singh

    An expired auth certificate will prevent you from accessing ECP and OWA, and will cause Outlook clients to be slow to start and not display the user's calendar, and so on.

    You could follow the steps below to renew your auth certificate, which are recorded in the official Microsoft document: Can't sign in to Outlook on the web or EAC if Exchange Server OAuth certificate is expired

    To check the status of your existing OAuth certificate, run the following command in the Exchange Management Shell:

    (Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List  
    

    1. Create a new OAuth certificate by running the following command:

    New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName @()  
    

    2. Set the new certificate for server authentication. To do this, run the following commands:

    Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)  
    Set-AuthConfig -PublishCertificate  
    Set-AuthConfig -ClearPreviousCertificate  
    

    3. Restart the Microsoft Exchange Service Host Service.

    4. Either run the IISReset command to restart IIS or run the following commands (in elevated mode) to recycle the Outlook on the web and EAC application pools:

    Restart-WebAppPool MSExchangeOWAAppPool  
    Restart-WebAppPool MSExchangeECPAppPool  
    

    If you want to refer to a link with step-by-step screenshots, this link will be helpful as well:
    Resolve the ‘Auth Certificate Missing’ Error in Exchange 2016/2013
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    In addition, it may take several hours for the renewed certificate to take effect, so please wait patiently.



    3 people found this answer helpful.
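
A read-only check to run in the Exchange Management Shell before and after the renewal steps in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation: for each non-Edge Exchange server it reports whether the certificate referenced by `Get-AuthConfig` is present and how many days remain. The function name `Get-AuthCertificateStatus` and the 30-day warning window are assumptions.

```powershell
# Added example (not from the original thread). Makes no changes; only reads configuration.
function Get-AuthCertificateStatus {
    param(
        [int]$WarnDays = 30,              # assumed warning window, adjust as needed
        [datetime]$Now = (Get-Date)
    )

    $auth  = Get-AuthConfig
    $thumb = $auth.CurrentCertificateThumbprint
    if ([string]::IsNullOrEmpty($thumb)) {
        Write-Warning 'AuthConfig has no current certificate thumbprint.'
        return
    }

    # The auth certificate must exist on each Exchange server that uses it,
    # so look it up per server instead of only on the local machine.
    foreach ($server in (Get-ExchangeServer | Where-Object { -not $_.IsEdgeServer })) {
        $cert = Get-ExchangeCertificate -Server $server.Name -Thumbprint $thumb -ErrorAction SilentlyContinue

        $daysLeft = $null
        if (-not $cert) {
            $state = 'NotFoundOnServer'
        } elseif ($cert.NotAfter -le $Now) {
            $state = 'Expired'
        } else {
            $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
            if ($daysLeft -le $WarnDays) { $state = 'ExpiringSoon' } else { $state = 'OK' }
        }

        [pscustomobject]@{
            Server             = $server.Name
            Thumbprint         = $thumb
            NotAfter           = if ($cert) { $cert.NotAfter } else { $null }
            DaysLeft           = $daysLeft
            State              = $state
            # Empty once Set-AuthConfig -ClearPreviousCertificate has been run
            PreviousThumbprint = $auth.PreviousCertificateThumbprint
        }
    }
}

Get-AuthCertificateStatus | Format-Table -AutoSize
```

After step 2, the `Thumbprint` column should show the thumbprint produced in step 1 and `State` should read `OK` on every server listed.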

  2. SHAMBHU SHARMA 26 Reputation points
    2023-04-26T03:23:23.9233333+00:00
    1 person found this answer helpful.
