Thursday 14 January 2021

Replacing SSL certificates on Exchange 2013

 

  • Copy the pfx file to exch03
  • Open Exchange PowerShell as admin and run “certutil -csp "Microsoft RSA SChannel Cryptographic Provider" -importpfx name_of_file.pfx” – failing to import it this way and importing through the GUI instead may lead to a loop when logging into ECP/OWA
  • Assign the SMTP and IIS services in ECP > Servers > Certificates, overwriting the old certificate.
  • From a command prompt as admin, run “iisreset” – this will interrupt your Exchange services
  • Delete the old certificate. If it complains that the IIS/SMTP services are still in use, run this PowerShell to enable those services on your new certificate: "Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services 'iis,smtp'"
  • If it complains that it is in use on a send connector when trying to delete the old certificate, follow these steps:

  1. From ECP, open the certificate you want to use and note the thumbprint
  2. In Exchange PowerShell run “$cert = Get-ExchangeCertificate -Thumbprint <thumbprint>”
  3. Set a new variable and assign it the concatenated Issuer and Subject values of the certificate (must also include <I> and <S> before each field):
    $TLSCert = ('<I>'+$cert.issuer+'<S>'+$cert.subject)
  4. Update the send connector with the new values
    Set-SendConnector -Identity "sendconnectorname" -TLSCertificateName $TLSCert
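
A check to run before deleting the old certificate, added here as an example and not part of the original post: it confirms the new certificate was imported under the SChannel provider, holds the IIS and SMTP services, and that no send connector still names the old certificate. The two thumbprint values are placeholders to replace with the ones shown in ECP.

```powershell
# Added example; run in the Exchange Management Shell as admin.
# Both thumbprints are placeholders: copy the real values from ECP.
$OldThumbprint = '<old-thumbprint>'
$NewThumbprint = '<new-thumbprint>'
$ExpectedCsp   = 'Microsoft RSA SChannel Cryptographic Provider'

$old = Get-ExchangeCertificate -Thumbprint $OldThumbprint
$new = Get-ExchangeCertificate -Thumbprint $NewThumbprint

# The <I>issuer<S>subject strings that send connectors store.
$oldTls = '<I>' + $old.Issuer + '<S>' + $old.Subject
$newTls = '<I>' + $new.Issuer + '<S>' + $new.Subject

$problems = @()

# The new certificate must be usable: private key present, not expired.
if (-not $new.HasPrivateKey)      { $problems += 'New certificate has no private key.' }
if ($new.NotAfter -lt (Get-Date)) { $problems += 'New certificate has expired.' }

# Check which CSP holds the key; a key that is not in a legacy CSP
# typically makes the PrivateKey property throw, which is reported too.
try {
    $csp = (Get-Item "Cert:\LocalMachine\My\$NewThumbprint").PrivateKey.CspKeyContainerInfo.ProviderName
    if ($csp -ne $ExpectedCsp) { $problems += "Private key is held by '$csp', not '$ExpectedCsp'." }
} catch {
    $problems += "Could not read the key provider: $($_.Exception.Message)"
}

# IIS and SMTP must already be assigned to the new certificate.
foreach ($svc in 'IIS', 'SMTP') {
    if ("$($new.Services)" -notmatch "\b$svc\b") { $problems += "$svc is not assigned to the new certificate." }
}

# A send connector that names only the old certificate blocks deletion.
# If old and new share issuer and subject, the stored name already fits.
foreach ($c in Get-SendConnector) {
    $name = "$($c.TlsCertificateName)"
    if ($name -and $name -eq $oldTls -and $name -ne $newTls) {
        $problems += "Send connector '$($c.Identity)' still references the old certificate."
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'Checks passed.' }
```

The script only reads configuration; it changes nothing and does not remove the old certificate.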

 
