7,925 questions
Hi,
I have researched a lot documentation, there is no way to choose the validity period for renew the certificate.
Thank you for your understanding!
Help to create a new Exchange 2016 certificate for 397 days
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 54%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Steve Shelts
21
Reputation points
When I renew the Exchange certificate using the following Powershell command
Get-ExchangeCertificate -Thumbprint "DFL..." | New-ExchangeCertificate -PrivateKeyExportable $true
The expiry date is in 5 years. How can I set the expiry date to 397 days?
Exchange | Exchange Server | Management
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Aholic Liang-MSFT 13,886 Reputation points Microsoft External Staff2022-08-02T06:38:19.787+00:00 Hi @Steve Shelts ,
Just checking in to see how things are going on with this thread.
If the reply was helpful, you can click the "Accept Answer" button under this post so that other's with similar question can benefit from this thread as well.
If you still have further questions or concerns, feel free to post back
Sign in to comment
Accepted answer
-
Aholic Liang-MSFT 13,886 Reputation points Microsoft External Staff
2022-08-04T08:57:04.47+00:00 -
Steve Shelts 21 Reputation points
2022-08-04T09:18:10.763+00:00 Okay thank you very much for checking. At least I know it cant be done.
I would like to accept your comment as an answer but there's no button.
-
Aholic Liang-MSFT 13,886 Reputation points Microsoft External Staff
2022-08-04T09:29:40.987+00:00 Hi,
I have convert it to answer, you could click the "Accept Answer" button under this post, your action would benefit others who have similar issues. Thank you!
Sign in to comment -
4 additional answers
Sort by: Most helpful
-
Dillon Silzer 57,831 Reputation points Volunteer Moderator2022-07-28T19:44:45.367+00:00 You cannot change an Exchange expiry date from 5 years.
Every certificate has a built-in expiration date. In Exchange Server, the default self-signed certificate that's installed on the Exchange server expires 5 years after Exchange was installed on the server. You can use the Exchange admin center (EAC) or the Exchange Management Shell to renew Exchange certificates. This includes Exchange self-signed certificates, and certificates that were issued by a certification authority (CA).
Renew an Exchange Server certificate
-------------------------
If this is helpful please mark as correct answer.
-
Steve Shelts 21 Reputation points
2022-07-28T20:09:13.57+00:00 Yes the default self-signed certificate expired so I renewed it using PowerShell. Is there a switch I can add to the PowerShell command so I can create a self-signed certificate with a shorter expiration date because 5 years is too long? I want to create a self-signed certificate that expires in 397 days.
-
Dillon Silzer 57,831 Reputation points Volunteer Moderator
2022-07-28T20:47:44.313+00:00 There is no switch to shorten the expiry date.
Sign in to comment -
-
Aholic Liang-MSFT 13,886 Reputation points Microsoft External Staff
2022-07-29T08:09:47.38+00:00 Hi @Steve Shelts ,
In general ,you can't change the expiration date of an existing certificate. But you can change the default validity period for the Certificate Authority.
Change expiration date of certificates - Windows Server | Microsoft Learn
Thank you for your understanding!
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. -
Steve Shelts 21 Reputation points
2022-08-03T07:09:31.017+00:00 Hi @Aholic Liang-MSFT ,
I looked at that link and the validity period for the Certificate Authority on the Exchange server is set to 2 years. Yet when I create a new certificate, it has a period of 5 years.
Maybe I need to check the validity period on the Domain Controller as well? I'll check and let you know.
-
Aholic Liang-MSFT 13,886 Reputation points Microsoft External Staff
2022-08-03T07:41:09.737+00:00 Hi,
Did you create the new certificate through an internal CA or a commercial CA?
Besides, the validity period is indeed five years if you renewed the original self-signed certificate of Exchange. -
Steve Shelts 21 Reputation points
2022-08-03T20:48:05.22+00:00 Internal CA. I renewed the original self signed certificate. Is there a way to renew it for 1 year?
Sign in to comment -