Exchange 2016 Certificate Expiry

In this article we cover the following:

  • Exchange Certificate that is about to expire.

Exchange 2016 Certificate that is expiring or has expired:

On your Exchange 2016 Server you might see the following errors to say that a certificate is about to expire or has already expired. You should see Event ID 12017 Logged:

We can check which certificate this is in Exchange 2016 by running the following command from the Exchange Management Shell on the server that is logging this warning:

  • Get-ExchangeCertificate | fl Thumbprint,Subject,Services

In this case this expiring certificate handles the following services: IIS And SMTP

Renew SSL Certificate in Exchange 2016.

To renew the certificate you can use the EMC or the EMS. You can use the Exchange Management Shell and run the following command and providing the .req file to the certificate authority like DigiCert or GoDaddy:

  • Get-ExchangeCertificate -Thumbprint “<ThumbPrint of expiring cert>” | New-ExchangeCertificate -GenerateRequest -RequestFile \\Server\CertRenewal.req
  • Once the command has run confirm that the .req file was created on the server specified.
  • Once your provider generates the new certificate you can then complete the request.

Assign Services to the new Certificate

Once the new certificate installation has completed we can now assign services to it. In the same EMS window run the following command:

  • Enable-ExchangeCertificate -thumbprint “<ThumbPrint of new Certificate>” -services IIS,SMTP

You can open up IIS and remove the old certificate.

Hope it helps.

By edward