Renewing the Federation Delegation certificate for Exchange Server 2019 involves the following steps:
Step 1: Generate a Certificate Signing Request (CSR)
- Open the Exchange Management Shell.
- Run the following commands to generate a CSR and write it to a file:
$csr = New-ExchangeCertificate -GenerateRequest -SubjectName "CN=Federation Delegation" -DomainName federation.domain.com -PrivateKeyExportable $true -KeySize 2048
[System.IO.File]::WriteAllBytes("C:\FederationDelegation.csr", [System.Text.Encoding]::Unicode.GetBytes($csr))
Replace federation.domain.com with the appropriate domain name.
New-ExchangeCertificate returns the request as text, and the second command saves it to the specified path (e.g., C:\FederationDelegation.csr). Keep this file safe; you'll need it to obtain the renewed certificate.
Step 2: Obtain the Renewed Certificate
- Submit the CSR to your preferred Certificate Authority (CA) or use a third-party CA service to obtain a renewed certificate.
Step 3: Install the Renewed Certificate
- Once you receive the renewed certificate, open the Exchange Management Shell.
- Run the following command to install the renewed certificate:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "C:\Path\To\RenewedCertificate.cer" -Encoding Byte -ReadCount 0)) -PrivateKeyExportable $true
Replace "C:\Path\To\RenewedCertificate.cer" with the actual path to your renewed certificate file.
- Enable the certificate for Federation Delegation:
Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services Federation
Replace <Thumbprint> with the thumbprint of the renewed certificate.
Step 4: Refresh Federation Metadata
- Update the Federation Trust with the new certificate's thumbprint. Run the following command:
Set-FederationTrust -Identity "Microsoft Federation Gateway" -Thumbprint <Thumbprint> -RefreshMetaData
Replace <Thumbprint> with the thumbprint of the renewed certificate.
Step 5: Test the Renewed Certificate
- Test the renewed certificate to ensure it's working as expected. You can use tools like the Microsoft Remote Connectivity Analyzer to verify federation functionality.
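Steps 3 and 4 ask for the certificate's thumbprint, and the file returned by the CA is worth checking before it is imported. The PowerShell below is an added example, not part of the original guide: the function name Test-RenewedCertificate, the 30-day margin and the self-signed sample certificate are assumptions made for illustration, and it relies only on .NET classes (.NET Framework 4.7.2 or later).

```powershell
# Added example: inspect the CA-issued certificate before the Step 3 import.
# Only .NET classes are used; no Exchange cmdlets are called.
function Test-RenewedCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$ExpectedSubject = 'CN=Federation Delegation',  # subject used in Step 1
        [int]$MinKeySize = 2048,                                 # key size used in Step 1
        [int]$MinDaysValid = 30                                  # assumed margin, adjust to policy
    )
    $now = Get-Date
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    $keySize = if ($rsa) { $rsa.KeySize } else { 0 }   # 0 when the key is not RSA

    $problems = @()
    if ($Certificate.Subject -notlike "*$ExpectedSubject*") {
        $problems += "Unexpected subject: $($Certificate.Subject)"
    }
    if ($keySize -lt $MinKeySize) {
        $problems += "RSA key size $keySize is below $MinKeySize"
    }
    if ($Certificate.NotBefore -gt $now) {
        $problems += "Not valid until $($Certificate.NotBefore)"
    }
    if ($Certificate.NotAfter -lt $now.AddDays($MinDaysValid)) {
        $problems += "Expires $($Certificate.NotAfter), inside the $($MinDaysValid)-day margin"
    }

    [pscustomobject]@{
        Thumbprint = $Certificate.Thumbprint   # value for <Thumbprint> in Steps 3 and 4
        NotAfter   = $Certificate.NotAfter
        KeySize    = $keySize
        Ok         = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# Constructed sample input: a throwaway self-signed certificate standing in for the CA's file.
$key = [System.Security.Cryptography.RSACng]::new(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=Federation Delegation', $key,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))
Test-RenewedCertificate -Certificate $sample

# Real file (path from Step 3):
# Test-RenewedCertificate -Certificate ([System.Security.Cryptography.X509Certificates.X509Certificate2]::new('C:\Path\To\RenewedCertificate.cer'))
```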