Renew Certificates in Exchange 2007 HUB-CAS

You may encounter an alerts from your monitoring systems about your certficate is going to expired in couple of days. In this state you must renew your certificate before its cross timeline. Renewing certificate is very straight forward process and same as you assign it first time.

Here, I am considering local PKI to renew certificates.

1. Alarm

If you check event viewer in server where certificates is going to expired, you will see below log.

Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date:  3/24/2011
Time:  12:04:07 PM
User:  N/A
Computer: ABCFE01

The STARTTLS certificate will expire soon: subject:, hours remaining: E87B5D0BD9E5108BCAA8DBE1B3437E93B781BF4C. Run the New-ExchangeCertificate cmdlet to create a new certificate.

For more information, see Help and Support Center at

2. Generate new Certificate

To generate new certificate in Exchange 2007 server, First you need to collect SAN URL name from existing certificates, To do so you can go into OWA and see details or you can use MMC console and click on existing certificates.

DNS Name=abcfe01

Now, Login to FE server and  open EMS to run below cmdlet to generate request.

New-ExchangeCertificate -generaterequest -subjectname “,CN=abcfe01,OU=exchange,O=ABC,L=DH,S=India” -domainname abcfe01,,aut -PrivateKeyExportable $true -path c:\certrequest.txt

3. Generate certificate in PKI CA console.

Now, you need to login your internal PKI CA console and generate certificate using request file “certrequest.txt”. Generate certificate and save it.

Note: There should not be left spaces when paste content into console.

4. Importing Certificate

Login to Exchange 2007 server abcfe01 and open EMS. Run below cmdlet to import it and enable required services.

Import-ExchangeCertificate -path c:\certnew.cer

Enable-ExchangeCertificate -Services IIS,SMTP,IMAP,POP -Thumbprint “Keep Without quote”

By default IMAP,POP services would be enables, If you need, you can enable it again.

It will ask you override exisiting certificate , here you will select “Yes”

Once it is imported and assigned for certificates you can verify it theu OWA (for IIS) and test mail flow for SMTP. Also you can see eventviewer to verify it.


Event Type: Information
Event Source: MSExchangeTransport
Event Category: Configuration
Event ID: 16002
Date:  3/30/2011
Time:  10:30:07 AM
User:  N/A
Computer: abcfe01
The new transport server configuration has been read and components have been notified.

For more information, see Help and Support Center at


5. Delete old cetificates

After everything is working fine you can go ahead and delete old certificates (make sure you have selected correct thumbprint)

Run cmdlet below:

Remove-certificate -thumbprint

Now you have done renewal of you certificate thru KPI CA.


9 thoughts on “Renew Certificates in Exchange 2007 HUB-CAS

Add yours

  1. Just wish to say your article is as surprising. The clarity for your submit is simply excellent
    and that i can suppose you’re an expert on this subject. Well with your permission allow me to snatch your RSS feed to stay updated with drawing close post. Thank you one million and please keep up the enjoyable work.

  2. After looking over a handful of the blog articles on your blog, I honestly like your
    technique of writing a blog. I saved it to my bookmark site list and
    will be checking back in the near future. Take a look at my website too and let me know your opinion.

  3. Hello there, just became alert to your blog through Google, and found that it’s really informative. I’m gonna watch out for brussels.

    I will be grateful if you continue this in future. Numerous people will be benefited from your writing.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

Eine Tolle Reise

Here, you all will come to know about me, about my life and of course some common issues these days!!

Office 365 for IT Pros

The only always up-to-date eBook about the Microsoft 365 cloud Office system, covering Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Planner, Azure Active Directory, and more

Chirag Patel MVP MCT

Microsoft 365 Specialist

All about Microsoft 365 & Teams

lEt's eNaBle MoDeRn WoRkPlAcE ! News

The latest news on and the WordPress community.

%d bloggers like this: