Share via

Exchange SSL Cert exipired while new has been applied

FMG Support 20 Reputation points
2023-04-27T12:54:13.0733333+00:00

Dual on prem server 2016 set up, applied new SSL certificate to both servers showing valid dates. Still receiving a notice when launching Outlook and Exchange admin site that one of the certificates has expired.

The cert was applied to primary server then copied over to the secondary and applied. After restarting IIS and the full server we still received the cert expired notice, so we then worked to get the cert reissued then worked to install this on the server again. Still we are receiving the notice that the cert has expired.

How can we get the server to recognize that the cert has been applied and is currently valid.

Exchange | Exchange Server | Other
Outlook | Windows | Classic Outlook for Windows | For business
Accepted answer
  1. Jarvis Sun-MSFT 10,231 Reputation points Microsoft External Staff
    2023-04-28T09:11:15.5566667+00:00

    Hi @FMG Support ,

     

    According to your description, please kindly clarify some questions to help us provide further troubleshooting steps.

     

    1.After the certificate is imported, select server in EAC and check whether the status value of the certificate is Valid?

    User's image

    1. Run the Get-ExchangeCertificate cmdlet to check the existing Microsoft Exchange certificate status, check the thumbprint value if it is the same as the SSL certificate you copied.

    User's image

    In addition, it is recommended that you follow this article to renew the Exchange SSL certificate to see if it works. Reference: Renew Microsoft Exchange certificate

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Konstantinos Passadis 19,591 Reputation points MVP
    2023-05-01T14:06:47.0466667+00:00

    Hello @FMG Support ,

    If you have already installed the new SSL certificate on both servers and restarted IIS and the server, but are still receiving a notice that the certificate has expired, there are a few additional steps you can take to troubleshoot the issue:

    Verify the certificate details: Check the details of the new SSL certificate to ensure that it has been issued correctly and is valid. You can use a tool like the SSL Checker to verify the certificate details.

    Check the certificate binding: Verify that the new SSL certificate is correctly bound to the appropriate website in IIS. You can check this by opening IIS Manager, selecting the website, and checking the bindings in the "Bindings" feature.

    Check the certificate chain: Verify that the certificate chain is complete and includes all necessary intermediate certificates. You can use a tool like the SSL Checker to verify the certificate chain.

    Clear the certificate cache: Clear the certificate cache on both servers to ensure that the new SSL certificate is properly recognized. You can do this by running the following command in an elevated command prompt: certutil -urlcache * delete.

    Restart the servers: If none of the above steps resolve the issue, try restarting both servers to ensure that all changes are applied and the new SSL certificate is recognized.

    Kindly mark this answer as Accepted in case it helped or post your feedback !

    Regards

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.