h i want to renew my certificate which is runng on exhange 2007 sevices ex: pop3, imap, iis, https. Exchange 2007 certificate after renewal certificate outlook anywhere will work without any change at client computer? i got this url http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html but it changed the thumbprint and i get new thumbprint for renewed certificate in this case need to change certificate for outlook anywhere users? also i have CA server inplace on w2k3.

Hi sameer.aw, If you have a self signed certificate then you must install this certificate as trusted root certification authorities in users machine´s that uses outlook anywhere. You must make this install using mmc=>add snap-in=>certificates pointing to local machine. Regards

I would highly recommend that you use 3rd party certificates instead on your own CA going forward.

hi thanks for reply Is there any way can outlook anywhere users get the certificate automatical, outlook anywhere users are in workgroup and they are at remote location.

Agree with Andy, 3rd party certificate is a better choice. Sameer, if you want to renew the CA certificate, you can create a new CA certificate, then import and enable it. If you use Get-ExchangeCertificate -thumbprint “C5DD5B60949267AD624618D8492C4C5281FDD10F” | New-ExchangeCertificate, it will be created a new self-signed certificate. More information about creating a new CA certificate: How to Request an SSL Certificate http://technet.microsoft.com/en-us/library/bb310781(EXCHG.80).aspxFrank Wang

I can’t use 3rd party certificate now. My exchange server certificate will expire in next 7 days i want to renew certificate without harming any outlook anywhere users so please tell me is there any possibility. I am using my Internal CA server. please also provide me step by step document how perform.

Hi sammer.aw, You can create a new certificate using the solution provided by Frank, without enabling it on CAS Server. Then you can export this certificate and install in the machines that uses outlook anywhere. You can install manually or using a group policy to the Trusted Root Certification Authority. This link will help you to deploy using group policy: http://technet.microsoft.com/en-us/library/cc770315(WS.10).aspx After you install the certificate, the next step is to import and enabling it on CAS Server. Rafael Okamoto _________________________________________________________________________ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Frank if i create a new certificate CA certificate and then import and enable it. will my thumb print remain same or not ? if it is change then the same problem again . then i need to deploy new certificate at all outlook anywhere users. please help me if there is any way or 3rd party is the only solution?

3rd party is the best solution yes. The remote clients will already trust those 3rd party certificates. (Verisign, Digicert, GoDaddy, etc....)

if i create a new certificate CA certificate and then import and enable it. will my thumb print remain same or not ? if it is change then the same problem again . then i need to deploy new certificate at all outlook anywhere users. please help me if there is any way or 3rd party is the only solution? Hi Sameer, If you create a new certificate, the thumbprint will be changed. But as I know, you just need to import the root CA certificate to the workgroup client, and you have already done it. So please create a new certificate and import and enable it. After that, please delete the old certificate. About step by step document, please see: Managing SSL for a Client Access Server http://technet.microsoft.com/en-us/library/bb310795(EXCHG.80).aspx Suggest you export the old certificate before you delete it.Frank Wang

Thanks Frank