Exchange 2013 self signed cert renewal issue

Y Joe 61 Reputation points
2020-09-21T07:12:22.303+00:00

We are using Exchange 2013 in our office. We have one cert issued by a CA and some self-signed certs (they were there by default after the installation).

I found that the self-signed certs (with the names (1) Microsoft Exchange, (2) Microsoft Exchange Server Auth Certificate, (3) _blank name) are going to expire.

Is it necessary for us to renew them? Can we just ignore them?

If not, is it correct to follow the procedures below to renew them? No CSR is required?

https://learn.microsoft.com/en-us/exchange/architecture/client-access/renew-certificates?view=exchserver-2019#:~:text=Every%20certificate%20has%20a%20built,Shell%20to%20renew%20Exchange%20certificates.


Accepted answer
  1. Andy David - MVP 137.9K Reputation points MVP
    2020-09-21T11:11:48.537+00:00

    Yes, renew them before they expire. Much easier!

    For the Cert called "Microsoft Exchange", you can follow these steps from my blog:
    https://ehloergosum.com/2020/01/25/renewing-that-pesky-microsoft-exchange-certificate/

    For 2) Microsoft Exchange Server Auth Certificate, this is a good step by step:
    https://supertechman.com.au/how-to-renew-an-expired-microsoft-exchange-server-auth-certificate/

    1 person found this answer helpful.

4 additional answers

  1. George Aziz 441 Reputation points
    2020-09-21T11:22:05.233+00:00

    Yes, you should renew it before the expiration date.

    You can check the following link to renew the Exchange self-signed certificate:
    https://learn.microsoft.com/en-us/exchange/architecture/client-access/create-self-signed-certificates?view=exchserver-2019

    1 person found this answer helpful.

  2. Eric Yin-MSFT 4,386 Reputation points
    2020-09-22T02:30:56.027+00:00

    For a healthy Exchange server, the third certificate should be WMSVC.
    You'd better renew it as well in EAC, otherwise it may cause an IISWebManager issue.


    1 person found this answer helpful.

  3. Y Joe 61 Reputation points
    2020-09-22T02:52:26.543+00:00

    Thanks all for the info!

    As we are using a DAG, shall we work on the renewal procedures (listed above) for each cert on both servers separately?
    (I am a bit confused about this: "If you are using a DAG, then move all the databases to other servers and have at it")

    Yes, I just found that the blank name cert was from the issuer WMSVC-<server name>.
    Are there any suggested procedures for renewing the WMSVC certificate?

    thank you.


  4. Y Joe 61 Reputation points
    2020-09-30T18:47:51.497+00:00

    Hi all,

    I got a serious problem after renewing the "Microsoft Exchange" cert with the procedures below:
    https://ehloergosum.com/2020/01/25/renewing-that-pesky-microsoft-exchange-certificate/

    Outlook clients cannot log in afterward; even clicking "Yes" and typing in the password will show disconnected at the bottom. OWA also shows it's an insecure website. Anyone got ideas on this? Thank you.
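
For the renewal questions in this thread, a read-only inventory can show which certificates on each server are close to expiry and which certificate is bound to IIS (the service behind OWA). This is an added example, not part of the original posts; it assumes it is run in the Exchange Management Shell, and `$WarnDays` and the report column names are chosen here for illustration.

```powershell
# Read-only inventory of Exchange certificates across all Exchange servers.
# Nothing is renewed, enabled or removed by this script.
# $WarnDays is a constructed threshold for this example.
$WarnDays = 60
$now      = Get-Date

$report = foreach ($server in Get-ExchangeServer) {
    # Get-ExchangeCertificate -Server queries the named server's certificate store
    foreach ($cert in Get-ExchangeCertificate -Server $server.Name) {
        $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        [pscustomobject]@{
            Server       = $server.Name
            FriendlyName = $cert.FriendlyName
            Subject      = $cert.Subject
            SelfSigned   = $cert.IsSelfSigned
            Services     = "$($cert.Services)"   # e.g. "IIS, SMTP" or "None"
            NotAfter     = $cert.NotAfter
            DaysLeft     = $daysLeft
            Thumbprint   = $cert.Thumbprint
            ExpiringSoon = ($daysLeft -le $WarnDays)
        }
    }
}

# 1) Certificates that expire within $WarnDays (or already have), per server
$report |
    Where-Object { $_.ExpiringSoon } |
    Sort-Object DaysLeft |
    Format-Table Server, FriendlyName, SelfSigned, Services, NotAfter, DaysLeft -AutoSize

# 2) Which certificate each server presents for IIS (OWA, Outlook connectivity).
#    A self-signed certificate in this list is not trusted by clients
#    unless they have been given that certificate explicitly.
$report |
    Where-Object { $_.Services -match 'IIS' } |
    Format-Table Server, FriendlyName, Subject, SelfSigned, NotAfter, Thumbprint -AutoSize
```

Running it before and after a renewal, and comparing the `Services` column for each thumbprint, shows whether a service assignment moved from one certificate to another.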