Self signed certificates exchange 2007
My self-signed certificates (NOT SSL) on Exchange 2007 have expired. Does anyone know, step by step, how to renew them or remove them completely? Renewing is better than removing. I can't find anything on how to renew existing certificates or remove them completely. Thanks for your help.
April 24th, 2009 1:09pm

Hello,

Take a look at the article http://technet.microsoft.com/en-us/library/bb851554.aspx. There is indeed a process to renew the certificate, however it is not so widely discussed yet. The linked article should help you to achieve what you want.

Milind Naphade | MCTS:M | http://www.msexchangegeek.com
April 24th, 2009 1:19pm

Hi Milind,

Many thanks for your quick reply. I am trying to follow those endless instruc.., will let you know the progress.
April 24th, 2009 2:08pm

This will help you to renew the certificate step by step.

Exchange Server 2007: Renewing the self-signed certificate
http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html

Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
April 24th, 2009 2:57pm

While you could renew your self-signed cert, I would see if there is a CA in your org that you could get a cert from for a number of years, or a trusted third party to get you an SSL cert.

Check this link: http://msexchangeteam.com/archive/2007/02/19/435472.aspx

It will explain the process for generating a new cert request and then importing it. You can also look at this link here: http://www.digicert.com/ssl-certificate-installation-microsoft-unified-communications.htm

Don't forget you could create a UC cert which has multiple names, either from a third party or your CA, in case you have multiple aliases for your machine etc.

Enjoy!
BP
April 24th, 2009 4:52pm

I have managed to renew the certificate and can no longer see the security issues when I open the Outlook client. However, in the event log I still get the following error messages and, what is most important, when I try to add new mobile devices to the server this is not working (ActiveSync). I have checked all ports and can't find where the issue is.

Here are some of the messages I can see:

Certificate renewal:

HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=all.local
NotAfter : 27/04/2010 12:37:38
NotBefore : 27/04/2009 12:37:38
PublicKeySize : 2048
SerialNumber : 960F0B3D394046B54C880BC488F3BC07
Status : Valid
Subject : CN=all.local
Thumbprint : 5AEB62DFB2EB33CFCFEB65A0AA83A63C2619DD87
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}

Event error messages on the server:

1. Microsoft Exchange couldn't find a certificate that contains the domain name all.all.com in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of all.mycompany.biz. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN
2. Inbound direct trust certificate with thumbprint 5AEB62DFB2EB33CFCFEB65A0AA83A63C2619DD87 has expired. Run New-ExchangeCertificate to generate a new direct trust certificate.

ActiveSync stopped working. When I run Test-ActiveSyncConnectivity:

WARNING: Test user 'CAS_6df01ee82bd24599' is not accessible. Therefore this cmdlet will not be able to test mailbox server 'Alldc1.all.local'.
Test-ActiveSyncConnectivity : Could not find or log on with user all.local\CAS_6df01ee82bd24599. If this task is being run without credentials, log on as a Domain Administrator, and then run the new-TestCasConnectivityUser.ps1 to verify that the user exists on Mailbox server Alldc1.all.local
At line:1 char:27
+ Test-ActiveSyncConnectivity <<<<
WARNING: No Client Access Servers were tested.

IIS server: when I try to view the certificates installed on the server from the Directory Security tab under View Certificates, I am not able to view what certificates I've got installed.

Are there any tools to test ActiveSync in more detail?

Best regards
April 27th, 2009 7:05pm

Did you remove the old certificate? You want to double check the steps once again. Refer to http://www.msexchangegeek.com/?p=77 for further steps.

Milind Naphade | MCTS:M | http://www.msexchangegeek.com
April 27th, 2009 7:09pm

Many thanks for all your replies. It seems that the autodiscovery has stopped working; it is not available when I do a test from any Outlook client doing Ctrl Test AutoConfiguration.... What are my options from here?
April 28th, 2009 12:39pm

I did remove the old certificates at the end of that process. Do I have to configure IIS as well?
April 28th, 2009 12:42pm

Indeed you have to. Unless you have it configured for IIS, it won't be applied to any of the URLs like autodiscover and OAB.

Milind Naphade | MCTS:M | http://www.msexchangegeek.com
April 28th, 2009 5:22pm

Hi Milind,

IIS was configured and the autodiscovery was working fine until I renewed the cert. Do I have to reconfigure this again for the new certificate?

Many thanks and regards
April 28th, 2009 6:29pm

When you renew the certificate, IIS isn't included automatically and that is why you need to do it manually. If you run through the post http://www.msexchangegeek.com/?p=77 you may observe that the post talks about assigning the certificate manually. I would strongly recommend reading it one more time and following the steps out there. Do let me know in case you encounter any problems.

Milind Naphade | MCTS:M | http://www.msexchangegeek.com
April 28th, 2009 6:38pm
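
The renewal and IIS assignment discussed in this thread, as an added example that is not part of any poster's reply or of the linked articles. It assumes it is run in the Exchange Management Shell on the Exchange 2007 server; `$OldThumbprint` is a placeholder to be filled in from the step 1 listing.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2007 server.
$OldThumbprint = '<THUMBPRINT-OF-EXPIRED-CERT>'   # placeholder: copy from the listing below
$now = Get-Date

# 1. Inventory: expiry state, enabled services and thumbprint of each certificate.
$certs = @(Get-ExchangeCertificate)
foreach ($c in $certs) {
    $state = 'valid'
    if ($c.NotAfter -lt $now) { $state = 'EXPIRED' }
    Write-Host ("{0}  {1}  services={2}  notAfter={3}" -f $c.Thumbprint, $state, $c.Services, $c.NotAfter)
}

# 2. Each connector FQDN needs an unexpired, SMTP-enabled certificate carrying
#    that name; otherwise the STARTTLS event quoted in the thread is logged.
$fqdns = @(Get-ReceiveConnector | ForEach-Object { $_.Fqdn }) +
         @(Get-SendConnector | ForEach-Object { $_.Fqdn })
$fqdns = $fqdns | Where-Object { $_ } | ForEach-Object { $_.ToString() } | Sort-Object -Unique
foreach ($fqdn in $fqdns) {
    $usable = $certs | Where-Object {
        $cert = $_
        $names = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
        ($cert.NotAfter -gt $now) -and ($cert.Services.ToString() -match 'SMTP') -and ($names -contains $fqdn)
    }
    if (-not $usable) { Write-Warning "No usable SMTP certificate names connector FQDN $fqdn" }
}

# 3. Renew by cloning the old certificate, then bind the new one to IIS by hand,
#    since renewal does not carry the IIS assignment over.
if ($OldThumbprint -match '^[0-9A-Fa-f]{40}$') {
    $new = Get-ExchangeCertificate -Thumbprint $OldThumbprint | New-ExchangeCertificate
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS
    Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
        Format-List Thumbprint, Services, NotAfter, CertificateDomains
    # Once clients connect cleanly, retire the expired certificate:
    # Remove-ExchangeCertificate -Thumbprint $OldThumbprint
} else {
    Write-Host 'Set $OldThumbprint to a thumbprint from step 1 to renew.'
}
```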

This topic is archived. No further replies will be accepted.
