locked
Setting Exchange Back End 444 certificate via PoewrShell RRS feed

  • Question

  • Hi,

    Does anyone know how you change the Exchange Back End website :444 certificate using PowerShell please?

    Saturday, August 22, 2020 12:04 PM

Answers

All replies

    • Edited by Proed Saturday, August 22, 2020 11:59 PM
    Saturday, August 22, 2020 11:56 PM
  • Thanks very much for this, I forgot to mention that our organisation doesn't allow self-signed SSL certificates. The document you have given is to renew the "Exchange Certificate" I need to script changing a trusted cert on the back end on :444
    Monday, August 24, 2020 9:54 AM
  • As you would probably imagine, I run several lab environments to test, play, break different things throughout my day-to-day work, and to keep these working smoothly I use Let’s Encrypt SSL certificates to provide reliable, and most importantly FREE, SSL certificates for my environment. These only last for 3 months so I am updating my Exchange certificates quite regularly and have run across this problem more than once, and forgotten the fix each time, so I’m writing this as a reminder to myself and hopefully a useful tip for anyone else out there who might run into this issue and not already know the fix.

    This issue is caused when you update the SSL certificates from the Exchange Control Panel (ECP). This previously (in my experience of Exchange 2013) was simple enough, update the certificate and the enabled services within the ECP to the new certificate, restart IIS on your Exchange Server, and away you go. But I am repeatedly getting an issue with Exchange 2016 where this actually makes my server unusable until I take action to fix it.

    The symptoms of the problem are immediately apparent within ECP which, after logging in to the login page, which displays as normal, I just get a blank page. My next troubleshooting step is normally to go to PowerShell to look at what might be going on, but the Exchange Management Shell fails to connect to my Exchange Server. Now this is slightly more impacting in my lab environment – where I am only running a single Exchange 2016 server – than in a “normal” organisation where you would (or rather should) never be running just one Exchange server, but having access to the ECP or PowerShell from another server won’t actually help fix your issue.
    Monday, August 24, 2020 12:42 PM
  • Managed to find the fix myself:

    https://docs.microsoft.com/en-us/iis/manage/powershell/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in

    Import-Module webadministration

    Get-Item IIS:\SslBindings\0.0.0.0!444 | Remove-Item

    get-item cert:\LocalMachine\MY\<ThumbPrint> | New-Item "IIS:\SSLBindings\0.0.0.0!444"

    Restart-WebAppPool MSExchangeOWAAppPool

    Restart-WebAppPool MSExchangeECPAppPool

    • Marked as answer by AustinT Monday, August 24, 2020 2:02 PM
    Monday, August 24, 2020 2:02 PM