This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 37%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIA%3C/text%3E%3C/svg%3E)
Dears,
I Have hybrid Exchange Server 2019 in my environment, last week my Microsoft Exchange Server Auth Certificate has expired and ECP/OWA stopped from working, so I renewed the certificate by using these commands:
[PS] C:>New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName @()
[PS] C:>Set-AuthConfig -NewCertificateThumbprint "000000000000000000000000" -NewCertificateEffectiveDate (Get-Date)
[PS] C:>Set-AuthConfig -PublishCertificate
[PS] C:>Set-AuthConfig -ClearPreviousCertificate
[PS] C:>Restart-Service "MSExchangeServiceHost"
After one day from that OWA/ECP back to work again but when I am comparing the old Auth Certificate with new one, I Can see some differences as shown below (Namespaces) are different on both Certificates. is that problem in future?
Do I have to re-run HW again to update (Azure AD) or I can just update them manually?
Certificate:
FriendlyName: Microsoft Exchange Server Auth Certificate
Thumbprint: 0000000000000000000
Lifetime in days: 1819
Certificate has expired: False
Certificate status: Valid
Key size: 2048
Signature Algorithm: sha256RSA
Signature Hash Algorithm: sha256
Bound to services: SMTP
Internal Transport Certificate: False
Current Auth Certificate: True
Next Auth Certificate: False
SAN Certificate: False
Namespaces:
Microsoft Exchange Server Auth Certificate
Certificate:
FriendlyName: Microsoft Exchange Server Auth Certificate
Thumbprint: 0000000000000000000000000000000
Lifetime in days: -8
Certificate has expired: True
Certificate status: Invalid
Key size: 2048
Signature Algorithm: sha256RSA
Signature Hash Algorithm: sha256
Bound to services: SMTP
Internal Transport Certificate: False
Current Auth Certificate: False
Next Auth Certificate: False
SAN Certificate: False
Namespaces:
ACS
thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @Ibrahim AlHusari ,
Just checking in to see how things are going with this thread. If Andy's replies have been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community.
If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
You can update the Cert info in Azure manually if you want, but I would recommend simply running the Hybrid Wizard again to do that.
As for the validity of the cert itself, it should be fine but verify with the HealthChecker script
https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
Thank you for your help, can I use step 3 and 4 to update AZURE manually without using Hybrid Wizard??
Yes, you can!