Exchange 2010 Certificate Renewal

In this article we cover the following:

  • Exchange Certificate that is about to expire.
  • Renew Exchange Certificate.

Exchange Certificate that is expiring or has expired:

On Exchange 2010 you might see the following warning to say that a certificate is about to expire or has already expired.


We can check which certificate this is in Exchange by running the following command from the Exchange Management Shell on the server that is logging this warning:

  • Get-ExchangeCertificate
  • Or
  • Get-ExchangeCertificate | fl Thumbprint,Subject


In this case this certificate handled the following services: IIS, IMAP, POP and SMTP

Renew Certificate

To renew the certificate you can use the EMC or the EMS. You can use the Exchange Management Shell and run the following command:

  • Get-ExchangeCertificate -thumbprint “<ThumbPrint as above>” | New-ExchangeCertificate
  • Once the command has run confirm the prompts by typing in “y” and then pressing enter.

Assign Services to the new Certificate

Once the new certificate installation has completed we can now assign services to it. In the same EMS window run the following command:

  • Enable-ExchangeCertificate -thumbprint “<ThumbPrint as above>” -services IIS,POP,IMAP,SMTP

Once you are happy with the new certificate then you can open the MMC and add the snap-in for your certificates and remove the expiring one.

Hope it helps.