7,925 questions
yes, but no reason to wait till Dec 4th. You can apply it now or anytime before the old expires. No need to wait.
Exchange 2019 CU12 - how to import new SSL-certificate?
Evgeny Shupik
191
Reputation points
Hello everybody! Need some help - we have to replace the SSL-certificate on the Exchange 2019 CU12 server. So this procedure should look like this:
Import-ExchangeCertificate -Server "MAIL" -FileData ([System.IO.File]::ReadAllBytes('\mail\Certificates\our_domain_cert.pfx')) -PrivateKeyExportable:$true -Password (ConvertTo-SecureString -String '12345678' -AsPlainText -Force)
And, after this we check with the command
[PS] C:\Windows\system32>Get-ExchangeCertificate
Thumbprint Services Subject
8490765C4C47D81***E2F46BEBB98EF9084A3B I..WS.. CN=.ourdomain.com, O=LLC Company, L=NY, S...
D5EFF683AD986C988***24C107EEDCA3B484E799 ....S.. CN=Microsoft Exchange Server Auth Certificate
F960DCC7F5BEB003****563638FD85BC40D855E8 .P.WS.. CN=mail
C4D2E9EBA63795484***C1660EBCBB307E987EBC ....... CN=WMSvc-SHA2-MAIL
So the question is - after we have imported a new certificate (but the current one has not yet expired) - do we need to take any other actions or is it enough just to carry out the import procedure? Thank you.
Exchange | Exchange Server | Management
Accepted answer
1 additional answer
Sort by: Most helpful
-
Andy David - MVP 157.8K Reputation points2023-11-22T16:14:21.24+00:00 You need to assign the new certificate for the right services:
Once that is done, restart IIS, and test.
Then you can remove the old one if not needed
-
Evgeny Shupik 191 Reputation points
2023-11-22T16:20:02.3366667+00:00 Thanks, but let me clarify a little - let's say our certificate expires on December 5th, can we import a new one right now but apply it on December 4th? So it is possible?
Sign in to comment -