SBS 2008, Exchange Server 2007: Renewing the self-signed certificate

    Question

  • I am getting security warnings on the workstations concerning the self-signed certificate for mail.mydomain.com.  I re-ran the SBS wizard "Set up your Internet address" thinking this would correct the problem but it did not.  I found some KB articles and one of them had you list the certificates with Get-ExchangeCertificate | List (see below).  I was overwhelmed with the number of certificates although I could see two certificates with invalid dates.  Should I have this many certificates and how do I renew the certificate for mail.mydomain.com?

    Thanks

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, system.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.mydomain.ca, mydomain.ca, SERVER1.diemert.local}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=diemert-SERVER1-CA
    NotAfter           : 07/05/2014 2:44:56 PM
    NotBefore          : 07/05/2012 2:44:56 PM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 4C345383000000000009
    Services           : IMAP, POP, IIS, SMTP
    Status             : Valid
    Subject            : CN=mail.mydomain.ca
    Thumbprint         : 0F8242C4DE65A9BBE43D546BDE330222CEB5E4F3

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                         ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {SERVER1.diemert.local}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=diemert-SERVER1-CA
    NotAfter           : 11/02/2013 10:27:38 PM
    NotBefore          : 12/02/2012 10:27:38 PM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 18574933000000000008
    Services           : IMAP, POP, SMTP
    Status             : Valid
    Subject            : CN=SERVER1.diemert.local
    Thumbprint         : 1552329700C3357022CB258B01D5558EE065F384

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                         ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.mydomain.ca, mydomain.ca, SERVER1.diemert.local}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=diemert-SERVER1-CA
    NotAfter           : 06/05/2012 9:39:29 PM
    NotBefore          : 07/05/2010 9:39:29 PM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 610C510C000000000004
    Services           : IMAP, POP, SMTP
    Status             : DateInvalid
    Subject            : CN=mail.mydomain.ca
    Thumbprint         : 6F9A7C19FAEAD3D71079D12147ABD77E02965445

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                         ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {Sites, SERVER1.diemert.local}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=diemert-SERVER1-CA
    NotAfter           : 06/05/2012 5:44:31 PM
    NotBefore          : 07/05/2010 5:44:31 PM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 6106A5CF000000000002
    Services           : IMAP, POP, SMTP
    Status             : DateInvalid
    Subject            : CN=Sites
    Thumbprint         : 361E567956A6E6E9CBFE01B03988EB29A6B01660

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                         ule}
    CertificateDomains : {diemert-SERVER1-CA}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=diemert-SERVER1-CA
    NotAfter           : 07/05/2015 5:54:00 PM
    NotBefore          : 07/05/2010 5:44:01 PM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 499FC3DF633CBE884D0818888703DE64
    Services           : None
    Status             : Valid
    Subject            : CN=diemert-SERVER1-CA
    Thumbprint         : E6EA8622FE824598F74AC98F51DE73E0E2C35B7E

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                         ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {SERVER1.diemert.local}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=SERVER1.diemert.local
    NotAfter           : 06/05/2015 12:00:00 AM
    NotBefore          : 07/05/2010 12:00:00 AM
    PublicKeySize      : 1024
    RootCAType         : Unknown
    SerialNumber       : F8FA7D047A32B78248117E5B23B14F84
    Services           : IMAP, POP, IIS
    Status             : Valid
    Subject            : CN=SERVER1.diemert.local
    Thumbprint         : A56FF88ADEDC718DA229742285CA129F65EF11F6

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                         ule}
    CertificateDomains : {WMSvc-WIN-PVSKAH1VSNW}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=WMSvc-WIN-PVSKAH1VSNW
    NotAfter           : 11/04/2020 11:30:55 PM
    NotBefore          : 14/04/2010 11:30:55 PM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 5CB3D890A317C1934C63D15BC4BB5175
    Services           : None
    Status             : Valid
    Subject            : CN=WMSvc-WIN-PVSKAH1VSNW
    Thumbprint         : 5E28E828C1FC7DEA219982926AD28D65C9334250

     

    [PS] C:\Windows\system32>

    Monday, May 07, 2012 8:39 PM

Answers

  • Hi,

    First, you should have a better understanding of the self-signed certificate on Exchange Server 2007:

    Title: Understanding the Self-Signed Certificate in Exchange 2007
    URL: http://technet.microsoft.com/en-us/library/bb851554(v=exchg.80).aspx

    For the detailed procedure for renewing a self-signed certificate in Exchange 2007, you could refer to the link below:

    Title: How to renew a self-signed certificate in Exchange Server 2007
    URL: http://www.msexchangegeek.com/2009/04/24/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/

    Note: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    Regards,
    James


    James Xiong

    TechNet Community Support

    Tuesday, May 08, 2012 8:08 AM
    Moderator
  • I re-ran the "Set up your Internet address" and this corrected the problem.  I am sure the "How to renew a self-signed certificate in Exchange Server 2007" by renewing the certificate by thumbnail would also work correctly.  Thanks for the help.
    Friday, May 11, 2012 1:20 AM
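
A read-only way to sort a listing like the one in the question into certificates that need attention, given here as an added example that is not part of the thread or of Microsoft's guidance. `Get-CertTriage`, `New-SampleCert`, the 30-day window and the 2048-bit threshold are assumptions chosen for illustration, and the sample objects are constructed from three entries in the listing above.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0 or later.
# Get-CertTriage, its parameters and the note wording are hypothetical names.
function Get-CertTriage {
    param(
        [datetime]$Now = (Get-Date),
        [int]$WarnDays = 30,
        [int]$MinKeyBits = 2048
    )
    begin   { $all = @() }
    process { $all += $_ }   # collect first: the superseded check needs the full set
    end {
        foreach ($c in $all) {
            $notes = @()
            if ($c.NotAfter -lt $Now) { $notes += 'expired' }
            elseif ($c.NotAfter -lt $Now.AddDays($WarnDays)) { $notes += "expires within $WarnDays days" }
            if ($c.PublicKeySize -lt $MinKeyBits) { $notes += "key under $MinKeyBits bits" }
            if ($c.IsSelfSigned -and "$($c.Services)" -ne 'None') {
                $notes += 'self-signed and bound to services'
            }
            # A still-valid certificate with the same subject and a later expiry replaces this one.
            $newer = @($all | Where-Object {
                $_.Subject -eq $c.Subject -and $_.NotAfter -gt $c.NotAfter -and $_.NotAfter -gt $Now
            })
            if ($newer.Count -gt 0) { $notes += "superseded by $($newer[0].Thumbprint)" }
            New-Object PSObject -Property @{
                Subject = $c.Subject; Thumbprint = $c.Thumbprint; NotAfter = $c.NotAfter
                Services = "$($c.Services)"; Notes = ($notes -join '; ')
            } | Select-Object Subject, Thumbprint, NotAfter, Services, Notes
        }
    }
}

# Constructed sample objects mirroring three entries from the listing in the question
# (dates there are day/month/year). On the server, pipe Get-ExchangeCertificate instead.
function New-SampleCert($Subject, $Thumbprint, $NotAfter, $Bits, $SelfSigned, $Services) {
    New-Object PSObject -Property @{
        Subject = $Subject; Thumbprint = $Thumbprint; NotAfter = [datetime]$NotAfter
        PublicKeySize = $Bits; IsSelfSigned = $SelfSigned; Services = $Services
    }
}
$sample = @(
    New-SampleCert 'CN=mail.mydomain.ca' '0F8242C4DE65A9BBE43D546BDE330222CEB5E4F3' '2014-05-07' 2048 $false 'IMAP, POP, IIS, SMTP'
    New-SampleCert 'CN=mail.mydomain.ca' '6F9A7C19FAEAD3D71079D12147ABD77E02965445' '2012-05-06' 2048 $false 'IMAP, POP, SMTP'
    New-SampleCert 'CN=SERVER1.diemert.local' 'A56FF88ADEDC718DA229742285CA129F65EF11F6' '2015-05-06' 1024 $true 'IMAP, POP, IIS'
)
$sample | Get-CertTriage -Now ([datetime]'2012-05-07') | Format-List
```

The function only reads properties and changes nothing on the server; an entry noted as both expired and superseded is one to review for cleanup once the newer certificate is confirmed to be serving clients.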

All replies

  • Hi,

    How is everything going? If there is any update from your side, please feel free to let me know.

    Regards,

    James


    James Xiong

    TechNet Community Support

    Friday, May 11, 2012 1:15 AM
    Moderator