Reference Website https://www.stephenwagner.com/?p=435
1) Start the renewal process
We need to generate a renewal
request. Load up the Exchange Console, and select the “Server Configuration” on
the left. It should load up your Exchange Certificates on the lower half of
your screen. Look for your certificate that is about to expire. To get the
details on the certificates, simply double click and it will load the info, if
you’re unsure of which certificate it is, use the thumbprint provided in the
Event viewer, and compare it to the Thumbprint on the “Details” tab of the
certificate. Once you find it, highlight it and select “Renew Exchange
Certificate…” on the action pain to the right.
Renew Exchange Certificate
2) Create renewal request Wizard
This will open the certificate
renewal request wizard (as shown below):
Certificate Renewal Request Wizard
Simply choose a file name and
location to save the request. It’s easiest just to save it on your desktop.
After, hit “Renew”. This will generate the certificate renewal request.
3) Copy certificate request to
clipboard
Locate the file you created above
inside of Windows Explorer. Right click on this file and select “Open”, or
“Open With”. When prompted, uncheck the “Always use the selected program to
open this kind of file” option, and select “Notepad” as the program to open the
file with. Example below:
Open with Notepad
This will open the certificate
request. Now highlight all the text and copy it to your clipboard. Example
below:
Certificate request in Notepad
4) Submit certificate request to
certificate authority using web interface
Now we submit the request! Log on to
your certificate authority web interface. On the first screen, we will select
“Request a certificate”, as shown below:
Request
Then select “advanced certificate
request”, as shown below:
Advanced certificate request
And now, choose “Submit a
certificate request by using a base-64 encoded CMC or PKCS #10 file, or submit
a renewal request by using a base-64-encoded PKCS #7 file.”, again example
below:
Finally, we are going to populate
the request. Inside of the “Saved Request:” text box, paste your request from
your clipboard (which we copied to your clipboard above), then for “Certificate
Template:” choose “Web Server”. Example is below:
Now select Submit! On the next page
that loads, simply select “Download certificate” and save it to a location
you’ll remember.
5) Install certificate on Exchange
We now have a certificate that’s
ready to be installed. Go back to the Exchange console where we left off.
Inside of the certificate list, you should see an item that has a status that
says something about a pending request. Highlight this request, and on the
Action Pane, select “Complete request”. I could be wrong on what this says as I
can’t remember and did not take screenshots.
A wizard should open up, in this
wizard simply point it to the new certificate (the file we just saved at the
end of step 4, shown above). Follow the instructions.
6) Assign Services to Certificate
Now that the certificate is
installed, we need to assign which services will use it. The new certificate
should also now be in the list of certificates inside of Exchange. Highlight
the new certificate, right click, and select “Assign Services to Certificate”.
Example below:
Assign Services to Certificate
Once the wizard opens up, follow
through and when actually prompted for the services check everything except for
“Unified Messaging”. Finish the wizard.
7) Delete old certificate
Now we are almost done. Go back to
the certificate list inside of Exchange and look for the old certificate that
is going to expire. Highlight it, right click, and select “Remove”.
No comments:
Post a Comment