Share via

I want to set the Exchange Server certificate validity period to 10 years

sakura_snow_blossom 190 Reputation points
2023-07-11T15:08:45.27+00:00

Thank you

*The content written in Japanese has been converted to English using a translation application, so I apologize if there are any mistranslations.

Due to the end of support for Exchange Server 2013, we are planning to switch to Exchange Server 2019.

Exchange Server uses only the e-mail function, and the server OS uses Windows Server 2019.

When I prepared the Exchange Server, a certificate with a validity period of 5 years was created, but how can I change it to 10 years?

If possible, I would like to create a certificate using "ActiveDirectoryCertificateServices" instead of a self-signed certificate, so I would like to create a certificate request with a validity period of 10 years.

*I created a certificate request from the cmdlet, but it can only be created with a validity period of 1 year.I want to set the validity period to 10 years.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Exchange | Exchange Server | Management
Windows for business | Windows Server | User experience | Other
0 comments
Accepted answer
  1. Kael Yao 37,746 Reputation points Moderator
    2023-07-12T03:06:21.5933333+00:00

    Hi @sakura_snow_blossom

    By default the Exchange self-signed certificate expires within 5 years.

    To my knowledge it is not possible to modify this period to 10 years.

    If possible, I would like to create a certificate using "ActiveDirectoryCertificateServices" instead of a self-signed certificate, so I would like to create a certificate request with a validity period of 10 years.

    Yes it is possible to use a certificate issued by internal Certification Authority or other commercial CAs on Exchange.

    You can follow this link to change the expiration period:

    Change the expiration date of certificates that are issued by Certificate Authority

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. sakura_snow_blossom 190 Reputation points
    2023-07-23T10:04:42.02+00:00

    Hi Kael Yao-MSFT

    Thank you for your reply, sorry for the late reply.

    By default the Exchange self-signed certificate expires within 5 years.

    To my knowledge it is not possible to modify this period to 10 years.

    I understand that the expiration date of the self-signed certificate cannot be set to 10 years.

    Yes it is possible to use a certificate issued by internal Certification Authority or other commercial CAs on Exchange.

    You can follow this link to change the expiration period:

    I was able to issue a certificate with the desired expiration date by referring to the link you gave me.

    Certificates could only be issued in the first two years, but "ActiveDirectoryCertificateServices" created a certificate template with the desired expiration date,

    I solved it by issuing a certificate using that template.

    it was very helpful!

    thank you very much!

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.