I could not find anything online that exactly matched my situation, so I am writing this in case it is useful for you.

Situation:

I have an Exchange 2010 server with an expired certificate; the certificate was issued by GoDaddy. I also have an ISA server acting as the connector between my internal Exchange server and the public mailbox server IP (important if you have a firewall in between).

 

Task:

Renew the expired certificate (after paying for it on GoDaddy).

 

Action:

Part One: Renew Exchange Certificate

1. On the Exchange server, open the Exchange Management Console and go to Server Configuration; the Exchange Certificates list is on the same page.
2. Right-click your expired certificate and choose Renew Exchange Certificate. It will ask you to choose a file name and generate a REQ file. Open the file in Notepad and copy its content for later use. In the meantime, the new certificate appears on the Exchange Certificates page, but it is not ready yet.
3. Go to GoDaddy and manage your certificate; the option you are looking for is Re-Key.
4. In Re-Key, paste the copied REQ content to get the new certificate ready (this took less than 30 minutes in my case).
5. Once the new certificate is ready, you can find it under the download certificate section. Choose Exchange, download the zip, and unzip the file on your Exchange server.

Go back to the Exchange Management Console -> certificate page, choose the new certificate generated by Renew in step 2, click Complete Certificate Request, select the CRT file you just downloaded, and finish.

6. If you use an internet proxy in your network, make sure the proxy settings are in place for Exchange, otherwise it may have difficulty with the certificate revocation check. I use
netsh winhttp import proxy source=ie
to configure the proxy for Exchange (make sure your IE is configured properly).

 

Part Two: Renew ISA/TMG Public Certificate

Update the certificate on your firewall:

1. Export your new Exchange certificate from the same page and save it as a PFX file.
2. Import that certificate on your firewall server, into the Personal store under Computer Account.
3. Go to the web listener for Exchange on your firewall and change the certificate to the new one.
4. Finally, use this site to check whether your certificate has been updated:
https://casecurity.ssllabs.com/
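
The check in step 4 can also be done from a workstation. The following PowerShell is an added example, not part of the original post: it reads the certificate that the published listener actually serves and compares it with the renewed Exchange certificate. The host name `mail.example.com`, the thumbprint value and both function names are placeholders or hypothetical names chosen for this example.

```powershell
# Added example. 'mail.example.com' and the thumbprint are placeholders.
function Get-RemoteCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is presented: the goal is to inspect the served
        # certificate even when it is expired. Inspection only, never for real traffic.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($src, $cert, $chain, $errors) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Test-PublishedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint
    )
    $served = Get-RemoteCertificate -HostName $HostName
    # Thumbprints copied from a dialog often contain spaces; normalise first.
    $want = ($ExpectedThumbprint -replace '\s', '').ToUpper()
    New-Object PSObject -Property @{
        Subject        = $served.Subject
        Thumbprint     = $served.Thumbprint
        NotAfter       = $served.NotAfter
        MatchesRenewed = ($served.Thumbprint -eq $want)   # listener serves the new cert
        Expired        = ($served.NotAfter -lt (Get-Date))
    }
}

# Thumbprint: copy it from Get-ExchangeCertificate on the Exchange server.
Test-PublishedCertificate -HostName 'mail.example.com' `
    -ExpectedThumbprint '<thumbprint of the renewed certificate>' | Format-List
```

If MatchesRenewed is False while the Exchange server already shows the new certificate, the web listener on the firewall is still bound to the old one.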

About Lei

I am an IT specialist with over 10 years of experience - years on automation, on-premises or Azure.


2017-12-17
