Exchange 2007 Renew Certificate via IIS Manager RRS feed

  • Question

  • I am currently in the process of renewing the Exchange 2007 certs and have searched through forums in regards to this topic and can't seem to come across a proper answer. Is it possible to renew the Exchange 2007 cert using the IIS Manager or is Powershell the only way of doing so? Under the "IIS Manager > expanding server name > expand websites > default website properties > Directory Security > Server Certificate" you are presented with the option to renew the existing cert. This to me seems a lot easier than using shell to request a whole new cert. I am not a fan of the how Powershell can be a bit destructive when requesting a new cert and overwriting the existing one leaving your little ways of backing out if something goes wrong. Can someone confirm if using IIS manager is a viable way of renewing the Exchange 2007 cert. I prefer to keep the exact settings of the existing certificates.

    Thank you,


    Emmanuel Fumero Exchange Administrator

    Wednesday, March 5, 2014 3:50 AM


  • Hi

    Yes its possible in Exchange  2010 through EMC . Not sure if this works in Exchange 2007 since i haven't tried renewing through GUI in exchange 2007 and currently do not have any customers running e2k7 to check this option. Probably you can give it a try in Exchange 2007 and see if these options are visible. Please check the following,

    When you right-click your Exchange Server, you can select New Exchange Certificate, which will launch the New Exchange Certificate Wizard.

    After defining a friendly name, you are ready to provide all needed information:

    After clicking Finish, you will have a certificate request that you can use ti get a certificate from your own CA, or from an external CA. The Exchange Management Console will show the request as well

    1.Start the Exchange Management Shell. Click Start > Programs > Microsoft Exchange Server 2007, and then click Exchange Management Console.
    2.Click the link to "Manage Databases", and then go to "Server configuration".
    3.Select your certificate from the menu in the center of the screen (The certificate will be listed by the Friendly Name you chose when creating the CSR), and then click the link in the Actions menu to "Complete Pending Request".

    4.Browse to the certificate file you just copied to your server, then click Open > Complete.

    URGENT!! You may receive the following error: "The source data is corrupted or not properly Base64 encoded." You can ignore this error

    5.Press F5 to refresh the certificate list. Verify that it says "False" under "Self Signed".( if its 3rd party or feom CA)
    6.To enable your certificate, return to the Exchange Management Console and click the link to "Assign Services to Certificate."

    Hope this helps

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as

    Answer” if a marked post does not actually answer your question. This can be beneficial to other

    community members reading the thread.



    • Marked as answer by efumero1525 Wednesday, July 2, 2014 4:56 PM
    Wednesday, March 5, 2014 5:38 AM