Setup - Exchange 2007 SP2, 2 ISA (NLB), 2 EDGE (NLB), 2 hub+cas (NLB), CCR - 2 Mailbox server, i remember when we built this environment last year have applied the Versign SSL certificate, the time had came to renew the 3rd party certificate but i could not find my notes to do the renewal, could anyone please help me with the correct procedure/syntax/shell commands to renew the cert. I believe this cert changes has to be done on ISA and Cas both. Thanks for your helpInderjit

Yes, You will have to apply this certificate on CAS and ISA as well. Follow below steps. View your certificate from IIS or from anywhere comfortable for you, View subject alternative name properties in Details tab. Note down all the domain names, Note down the Issues to property in General tab while viewing the certificate Run New-Exchange certificate command from Exchange 2007 powershell as below New-Exchangeceritificate -GenerateRequest -path C:\Certrequest.req -domainname "abc.com , Autodiscover.abc.com" -PrivateKeyexportable $true Note : In domain name field type alll the domain names you noted from Subject alternative name property earlier. Make sure you mentione the first domain name which you noted from issued to properties. For more info check below articles http://blogs.technet.com/b/exchange/archive/2007/02/19/3400537.aspx http://technet.microsoft.com/en-us/library/aa998327%28EXCHG.80%29.aspxSudhir Bidye.

Thanks Sudhir. My next question would be to find out the preferred way to create a CSR file for the renewal, when i logged on to Cashub server i do see have an option to generate a csr file using IIS, is that will not do the job what we are attempting from a command shell? Thanks Inderjit

You can always generate a CSR from the IIS and later you will have to import the certificate via powershell to make it effective.Where Technology Meets Talent

Inderjit, Yes, you can surely create a CSR request from IIS. Check the below link http://www.digicert.com/csr-creation-microsoft-iis-7.htmSudhir Bidye.

Yes, You will have to apply this certificate on CAS and ISA as well. Follow below steps. View your certificate from IIS or from anywhere comfortable for you, View subject alternative name properties in Details tab. Note down all the domain names, Note down the Issues to property in General tab while viewing the certificate Run New-Exchange certificate command from Exchange 2007 powershell as below New-Exchangeceritificate -GenerateRequest -path C:\Certrequest.req -domainname "abc.com , Autodiscover.abc.com" -PrivateKeyexportable $true Note : In domain name field type alll the domain names you noted from Subject alternative name property earlier. Make sure you mentione the first domain name which you noted from issued to properties. For more info check below articles http://blogs.technet.com/b/exchange/archive/2007/02/19/3400537.aspx http://technet.microsoft.com/en-us/library/aa998327%28EXCHG.80%29.aspxSudhir Bidye.

Thanks Sudhir. My next question would be to find out the preferred way to create a CSR file for the renewal, when i logged on to Cashub server i do see have an option to generate a csr file using IIS, is that will not do the job what we are attempting from a command shell? Thanks Inderjit Or use New-ExchangeCertificate which is the recommened way - http://technet.microsoft.com/en-us/library/aa998327.aspxSukh

Inderjit, Yes, you can surely create a CSR request from IIS. Check the below link http://www.digicert.com/csr-creation-microsoft-iis-7.htmSudhir Bidye.

Thanks Sudhir. My next question would be to find out the preferred way to create a CSR file for the renewal, when i logged on to Cashub server i do see have an option to generate a csr file using IIS, is that will not do the job what we are attempting from a command shell? Thanks Inderjit Or use New-ExchangeCertificate which is the recommened way - http://technet.microsoft.com/en-us/library/aa998327.aspxSukh