SBS Exchange Certificate Expired

KB ID 0000535

Problem

When you set up SBS2008 (and Exchange 2007), it creates and uses a self-signed certificate, which is fine. But by default it only lasts two years. The best option is to buy a proper certificate, but if you simply want to generate a new one, here’s how to do it.

Solution

1. Here you can see your certificate has expired.

2. Normally you need to access your certificate services web enrolment console to carry this procedure out. But when you navigate to https://localhost/certsrv you will probably see this:

Server Error in Application “SBS WEB APPLICATIONS”

Note: If web enrolment is installed, and you still can't access certificate services (CertSrv), then see “SBS2008 Unable to access Certificate Services” below.

3. You are seeing this error because certificate services might be installed, but the “Certificate Authority Web Enrolment” role service is not. You can add it from Server Manager.

4. Select it and follow the on screen prompts > Go and have a coffee.

5. Now you should be able to access the web front end.

6. To get a certificate we need a certificate request. You can write the PowerShell yourself like so:

New-ExchangeCertificate -GenerateRequest -Path c:\mail_yourpublicdomainname_co.csr -KeySize 2048 -SubjectName "c=gb, s=Your State County, l=Your City, o=Your Org, ou=Your Department, cn=mail.yourpublicdomainname.com" -PrivateKeyExportable $True

OR simply go here and let the good folk at Digicert do the heavy lifting for you.

7. Now you have the code, generate the request: on the Exchange server > Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell > Execute the command you copied above.

8. This will dump the request on the C: drive (because in your command above you set the path to C:\mail_yourpublicdomainname_co.csr). Locate it and open it with Notepad. Then select and copy ALL the text (copy as shown, no extra spaces etc.).

9. If you have closed it down, log into certificate services web access. Select “Request Certificate” > We will be submitting an advanced certificate request.

10. “Submit a certificate request by using………..”.

11. Paste in the text you copied at step 8, change the certificate template to “Web Server” > Submit.

12. Download the certificate.

13. Save it somewhere you can find it (the root of the C: drive is easiest, as you are going to be referencing it in a command shortly).

14. Job done, close the browser window.

15. Back at the Exchange Management Shell issue the following command:

Import-ExchangeCertificate -Path c:\the-name-of-your-cert.cer

As it imports it shows you the thumbprint of the certificate, mark this and copy it to the clipboard.

16. Now that the certificate is imported you can enable it. Issue the following command:

Enable-ExchangeCertificate -Services "SMTP,POP,IMAP,IIS"

It will ask you for the thumbprint > paste it in > when prompted enter “A” to confirm all.

17. That’s the job finished.
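
To confirm the result of steps 15 and 16, the following check lists every certificate Exchange holds and warns about any that is still bound to a service but is expired, close to expiry, or missing its private key. It is an added example, not part of the original article; the 60-day threshold ($warnDays) is an assumption.

```powershell
# Added example: run in the Exchange Management Shell after step 16.
# $warnDays is an assumed threshold, not a value from the article.
$warnDays = 60
$now      = Get-Date

# Every certificate Exchange knows about, soonest expiry first.
$certs = Get-ExchangeCertificate | Sort-Object NotAfter
$certs | Format-List Thumbprint, Subject, Services, HasPrivateKey, NotBefore, NotAfter

foreach ($cert in $certs) {
    $daysLeft = [int]($cert.NotAfter - $now).TotalDays
    # "None" means the certificate is not assigned to SMTP, POP, IMAP or IIS.
    $inUse    = $cert.Services.ToString() -ne "None"

    if ($inUse -and $daysLeft -lt 0) {
        Write-Warning "$($cert.Thumbprint) is EXPIRED and still bound to: $($cert.Services)"
    }
    elseif ($inUse -and $daysLeft -lt $warnDays) {
        Write-Warning "$($cert.Thumbprint) expires in $daysLeft days (bound to: $($cert.Services))"
    }
    elseif ($inUse -and -not $cert.HasPrivateKey) {
        Write-Warning "$($cert.Thumbprint) is bound to services but has no private key"
    }
    elseif ($inUse) {
        Write-Host "$($cert.Thumbprint) OK: $daysLeft days left, bound to: $($cert.Services)"
    }
}
```

The thumbprint you pasted in step 16 should appear on an OK line; a warning for the old certificate shows it is still assigned to a service.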

SBS2008 Unable to access Certificate Services

I’ve seen this on a few SBS2008 servers: when you install the web enrolment service it installs into the server’s “Default Web Site”. For any other Windows/Exchange combo that’s fine, but SBS likes to do things its own way. It creates another web site called “SBS Web Applications” and uses that. That’s fine, but only one can be up and running at a time.

CertSrv The Webpage cannot be found

1. Warning: You are about to stop things like OWA briefly. From Administrative tools launch the Internet Information Services (IIS) Manager > Locate the SBS Web Applications site and click stop (right hand column) > then select the Default Web site and start it.

2. Select the CertSrv virtual directory.

3. You can now browse via http/https and this will open the site in your default browser. Don’t forget to stop the Default website, and restart the SBS Web Applications site when you are finished.

Related Articles, References, Credits, or External Links

NA

Author: Migrated
