Renewing SBS2011 Exchange Self-Signed Certificate w/o changing home page in IE?


Solution 1

In the Exchange Management Shell, run Get-ExchangeCertificate to get the thumbprint of the cert you're trying to renew, then run the following:

Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate | Enable-ExchangeCertificate -services pop,imap,smtp,iis

Solution 2

If using SBS2011 then

  1. Start the Windows SBS2011 Standard Console
  2. Click on the Network icon in the top bar, then click the Connectivity tab
  3. Wait for the panel on the right to become active and then click on 'Fix My Network'
  4. Let the wizard search for problems.
  5. One of the problems it should find is the expired certificate.
  6. Clear all the checkboxes except the certificate one and click Next

This will then re-issue a new self-signed certificate on the server.

Solution 3

I did this in SBS2011:

  1. Open Exchange Management Console > navigate to Server Configuration and review the Certificates in the right panel

  2. Identify the certificate that has expired (take note of the subject name and the services)

  3. Start the Exchange Management Shell as Administrator

  4. Type Get-ExchangeCertificate to list the installed certificates

  5. Match the certificate to the expired certificate (using the subject name and services) from the Console, then copy the associated thumbprint

  6. Type Get-ExchangeCertificate -Thumbprint INSERTTHUMBPRINTHERE | New-ExchangeCertificate

  7. Type Y to renew the certificate

  8. You can confirm the new certificate is installed and associated with the correct services either by running Step 4 or Step 1/2.

  9. Remove the old expired certificate either from the Console or from the Shell using Remove-ExchangeCertificate -Thumbprint INSERTTHUMBPRINTHERE

Note: I had to restart the server for the certificate to take effect.
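The renewal steps from Solutions 1 and 3 as a single script, added here as an example and not part of any answer above: it records the old certificate's services, renews, re-enables the same services, verifies the result, and only dry-runs the removal. It uses only cmdlets named on this page; the property names (Services, Status, NotAfter, IsSelfSigned, Issuer) and the expectation that Services renders as a comma-separated list of names are assumptions of this example.

```powershell
# Added example. Run in the Exchange Management Shell as Administrator.
# Placeholder from the steps above: replace with the expired cert's thumbprint.
$oldThumbprint = 'INSERTTHUMBPRINTHERE'

$old = Get-ExchangeCertificate -Thumbprint $oldThumbprint -ErrorAction Stop

# Record what the expired certificate was bound to before changing anything.
$old | Format-List Subject, Issuer, NotAfter, Services, IsSelfSigned, Thumbprint

if (-not $old.IsSelfSigned) {
    # Per the comments on this page, the shell renewal yields a self-signed
    # certificate, which clients that trusted the issuing CA will not trust.
    Write-Warning "Old certificate was issued by '$($old.Issuer)'; the renewed one will be self-signed."
}

# Renew: prompts for confirmation (answer Y), as in step 7.
$new = $old | New-ExchangeCertificate
if (-not $new) { throw 'No new certificate was created; nothing else was changed.' }

# Bind the new certificate to the same services the old one carried.
# Assumption: Services renders as names, e.g. "IMAP, POP, IIS, SMTP".
$oldServices = "$($old.Services)"
if ($oldServices -ne 'None') {
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $oldServices
}

# Verify before removing anything: valid, not expired, no service lost.
$check = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
$have = "$($check.Services)" -split ',\s*'
$missing = @($oldServices -split ',\s*' |
    Where-Object { $_ -ne 'None' -and $have -notcontains $_ })
if ("$($check.Status)" -ne 'Valid' -or $check.NotAfter -le (Get-Date) -or $missing.Count -gt 0) {
    $check | Format-List Subject, NotAfter, Services, Status, Thumbprint
    throw "Renewed certificate failed verification (missing services: $missing); old certificate left in place."
}
$check | Format-List Subject, Issuer, NotAfter, Services, IsSelfSigned, Thumbprint

# Dry run of step 9. Drop -WhatIf once the output above looks right.
Remove-ExchangeCertificate -Thumbprint $old.Thumbprint -WhatIf
```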


Author: Adam Hart

Updated on September 18, 2022

Comments

  • Adam Hart almost 2 years

    On a previous server, when we used the built-in SBS wizard to renew the certificate it worked; however, it reset all of the computers on the domain's IE home page to companyweb.

    Is there a way to do the renewal without resetting everyone's homepage?

    • Dylan Knoll about 8 years
      As somebody who has experience with SBS 2011 (unfortunately...), I would strongly recommend never using the SBS panel provided... it has all kinds of quirks like the one you've just described. Use MMC snap-ins or PowerShell.
  • Adam Hart almost 11 years
    Perfect, just verified with my other tech that this is the answer we were looking for. Thanks.
  • user162383 almost 8 years
    All the answers here that advocate using PS are correct for a given value of correct but this one is the best. This method will cause the SBS internal Certificate Authority to be used to generate the new certificate. The PS methods will generate a self signed cert. There is a difference - all the PCs and the server should have the SBS CA cert as trusted and hence will automatically trust the cert generated by the fix my network wizard. The PS generated one will not be trusted automatically.
  • I say Reinstate Monica almost 7 years
    You do not need to restart the SBS Console or the server for the renewed certificate to take effect.
  • Markus Rudel almost 6 years
    I've had an SBS2011 with self-signed certs which expired a few days ago. This command helps with the renewal of the Exchange cert; however, you'll end up with a self-signed certificate without a root CA and need to trust that new certificate on your machines. I wonder if it's possible to do the update of the cert using a self-signed CA and automatically trusting it on all machines in AD.