In any organization running Exchange 2010, Exchange 2013 or Exchange 2013, the internal certificate that is part of Exchange once you have done an installation will expire after 5 years.

Sometimes Admins remove these certificates but can lead you to issues down the line when you SSL certificate has expired or was removed and now you cannot either do an upgrade or “lock” yourself out because the bindings are set to this certificate.

To re-create this internal certificate on Exchange is very easy. Let’s begin.

Launch the Exchange Management Shell on the respective server.

Type in the following command:

  • New-ExchangeCertificate -Server <ServerName>

(Replace <ServerName> with your internal server name)

Below will be 3 different screenshots for Exchange 2010/2013 and 2016.

Exchange 2010 – New-ExchangeCertificate

Exchange 2013 – New-ExchangeCertificate

Exchange 2016 – New-ExchangeCertificate

As you can see above, it is the same on all 3 versions. You will notice a prompt to replace the certificate if it exists and you can just type in “Y” to proceed.

If you want to change the bindings or having issues with a blank EAC page or if the EMS won’t launch, check your bindings, you can view one of our previous posts here for troubleshooting:

Viewing the new certificate in the ECP/EAC

You can login to the Exchange Control Panel or Admin Center and view the new certificate you created:

Exchange 2010 ECP:

Exchange 2013/2016 EAC:

If you want to view the certificate in the EMS as well you can run the following command:

  • Get-ExchangeCertificate

Hope it helps.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *