Thursday, April 24, 2008

Has it really been this long?! Renewing Exchange Certificates...

On a couple of fronts there has been some passing of time... First, I admit that, yet again, I've sorely neglected my blog... I'll truly try to start doing better! :-)

It's also been around a year since I installed Exchange 2007. As such, I started to get MOM notifications about the certificate on my Hub Transport server expiring. So, I dig around and find a couple of blogs from others that cover the subject to start reading up on it. Then I head to the Exchange Help to see what it has to say. Ultimately, I come up with the following:

In this instance, my certificate renewal deals only with the certificate for SMTP services on the HT server. This is the original automatically generated certificate from the install. (Side note: My CAS server has a cert I installed from our internal CA, and it's good for another year.) So, from my reading I determine that I need to renew, or more specifically, replace, by running the following cmdlet in the shell:

New-ExchangeCertificate

This prompts me to confirm that I want to overwrite the existing default SMTP certificate, which I do. And that pretty much does it...

Except... I now start to notice my outbound edgesync queue starting to grow. Once that initial "Oh crap!!" feeling passes I start to investigate why this is occurring. That leads me to my Edge server which is reporting that it doesn't have any information about the certificate now in use on the HT server. So, I decide to go back to the HT server and run a quick Start-EdgeSynchronization. So the sync runs (successfully!) and the configuration information is updated on the Edge server. As soon as that takes effect, my queue clears right up!!

Job done.
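
The renewal sequence from this post, collected into one Exchange Management Shell session for the Hub Transport server. This is an added example, not the author's script; the 30-day warning window and the variable names are assumptions chosen for illustration.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Assumption: 30 days is an arbitrary warning window, not a value from the post.
$warnDays = 30
$cutoff   = (Get-Date).AddDays($warnDays)

# 1. Find certificates enabled for SMTP that expire inside the window.
$smtpCerts = @(Get-ExchangeCertificate | Where-Object { $_.Services -match 'SMTP' })
$expiring  = @($smtpCerts | Where-Object { $_.NotAfter -lt $cutoff })
$expiring | Format-List Thumbprint, Subject, NotAfter, IsSelfSigned, Services

# 2. Only the self-signed install-time certificate is replaced this way.
#    A CA-issued certificate (like the one on the CAS server in the post)
#    is renewed through the CA instead, so it is skipped here.
$selfSigned = @($expiring | Where-Object { $_.IsSelfSigned })
if ($selfSigned.Count -gt 0) {
    # Prompts to overwrite the existing default SMTP certificate.
    New-ExchangeCertificate
} else {
    Write-Host "No self-signed SMTP certificate expires within $warnDays days."
}

# 3. Push the updated configuration to the Edge server right away.
#    Without this, the Edge server has no record of the new certificate
#    and mail backs up in the queue toward it until the next scheduled sync.
if ($selfSigned.Count -gt 0) {
    Start-EdgeSynchronization
}

# 4. Confirm the result: the new certificate is bound to SMTP and the
#    queues are draining. Any queue still holding mail is listed with
#    its last error so a failed handshake is visible.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'SMTP' } |
    Format-Table Thumbprint, NotAfter, IsSelfSigned, Services -AutoSize

Get-Queue |
    Where-Object { $_.MessageCount -gt 0 } |
    Format-Table Identity, DeliveryType, Status, MessageCount, LastError -AutoSize
```

Re-running step 4 a few minutes after the synchronization shows whether the message count is falling.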