Renewing Microsoft Exchange Server Auth Certificate in hybrid Exchange Server 2019

Ibrahim AlHusari 191 Reputation points
2024-03-06T10:50:28.88+00:00

Dears,

I have a hybrid Exchange Server 2019 in my environment. Last week my Microsoft Exchange Server Auth Certificate expired and ECP/OWA stopped working, so I renewed the certificate by using these commands:

[PS] C:>New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName @()

[PS] C:>Set-AuthConfig -NewCertificateThumbprint "000000000000000000000000" -NewCertificateEffectiveDate (Get-Date)

[PS] C:>Set-AuthConfig -PublishCertificate

[PS] C:>Set-AuthConfig -ClearPreviousCertificate

[PS] C:>Restart-Service "MSExchangeServiceHost"

 

One day after that, OWA/ECP was back to work again, but when I compare the old Auth Certificate with the new one, I can see some differences: as shown below, the Namespaces are different on both certificates. Is that a problem in the future?

 

Do I have to re-run HW again to update (Azure AD), or can I just update them manually?

 

 

Certificate:
    FriendlyName: Microsoft Exchange Server Auth Certificate
    Thumbprint: 0000000000000000000
    Lifetime in days: 1819
    Certificate has expired: False
    Certificate status: Valid
    Key size: 2048
    Signature Algorithm: sha256RSA
    Signature Hash Algorithm: sha256
    Bound to services: SMTP
    Internal Transport Certificate: False
    Current Auth Certificate: True
    Next Auth Certificate: False
    SAN Certificate: False
    Namespaces:
        Microsoft Exchange Server Auth Certificate

Certificate:
    FriendlyName: Microsoft Exchange Server Auth Certificate
    Thumbprint: 0000000000000000000000000000000
    Lifetime in days: -8
    Certificate has expired: True
    Certificate status: Invalid
    Key size: 2048
    Signature Algorithm: sha256RSA
    Signature Hash Algorithm: sha256
    Bound to services: SMTP
    Internal Transport Certificate: False
    Current Auth Certificate: False
    Next Auth Certificate: False
    SAN Certificate: False
    Namespaces:
        ACS

Thank you.

Exchange | Exchange Server | Other
Exchange | Exchange Server | Management
Exchange | Hybrid management

Accepted answer
  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2024-03-06T11:28:01.18+00:00

    You can update the Cert info in Azure manually if you want, but I would recommend simply running the Hybrid Wizard again to do that.

    https://learn.microsoft.com/en-us/exchange/plan-and-deploy/integration-with-sharepoint-and-skype/maintain-oauth-certificate?view=exchserver-2019#frequently-asked-questions

    As for the validity of the cert itself, it should be fine, but verify with the HealthChecker script:

    https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/

    1 person found this answer helpful.
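
A quick way to check the state discussed in this thread, as an added example (not from the original posts and not part of HealthChecker): it reads the thumbprints that Set-AuthConfig recorded and confirms that the matching certificate exists on each Mailbox server and is not close to expiry. Run it in the Exchange Management Shell; the 60-day `$WarnDays` threshold is an assumption.

```powershell
# Added example. Assumption: warn when fewer than $WarnDays days remain.
$WarnDays = 60

# Thumbprints the organization is configured to use for OAuth signing.
$auth  = Get-AuthConfig
$slots = [ordered]@{
    Current = $auth.CurrentCertificateThumbprint
    Next    = $auth.NextCertificateThumbprint
}

# Edge Transport servers are skipped; only Mailbox servers are checked.
$servers = Get-ExchangeServer | Where-Object { $_.ServerRole -like '*Mailbox*' }

$report = foreach ($server in $servers) {
    foreach ($slot in $slots.Keys) {
        $thumb = $slots[$slot]
        if ([string]::IsNullOrEmpty($thumb)) { continue }   # slot not set

        # Look up the configured thumbprint in this server's certificate store.
        $cert = Get-ExchangeCertificate -Server $server.Name -Thumbprint $thumb `
                    -ErrorAction SilentlyContinue

        $daysLeft = $null
        if ($cert) { $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays }

        $status = if (-not $cert) {
            'MISSING'        # AuthConfig points at a cert this server lacks
        } elseif ($daysLeft -lt 0) {
            'EXPIRED'
        } elseif ($daysLeft -lt $WarnDays) {
            'RENEW SOON'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Server     = $server.Name
            Slot       = $slot
            Thumbprint = $thumb
            NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
            DaysLeft   = $daysLeft
            Status     = $status
        }
    }
}

$report | Format-Table -AutoSize
```

Any row that is not `OK` in the `Current` slot is the condition that took OWA/ECP down in the question; scheduling this check gives warning before the certificate lapses.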
