Hi,Okay so this new exchange 2007 never had a "real" certificate installed, just the one that is setup during the installation of exchange.It has since expired and I see in the event logs, errors related to this.Nonetheless emails are going and coming with no problems, OWA also works if you disregard the error. There is a problem with this website's security certificate. Continue to this website (not recommended). I have read about the certificate snapin in mmc, but can't figure out where this old one is and how to generate a new one.Regards,

I ended up clone the existing expired one with the original thumbprint I also found the old one and now see another one which will expire in another year.Get-ExchangeCertificate | FL * Get-ReceiveConnector | FL name, fqdn, objectClass Get-SendConnector | FL name, fqdn, objectClass Cloning an Existing Certificate Exchange 2007 creates a self-signed certificate during installation that uses all the server and domain names that are known to Exchange at the time of installation. These certificates are valid for 12 months. In some cases, it may make sense to clone these certificates if the Subject and Subject Alternative Names can be used for other computers. Be aware that only the certificate metadata and not the key sets are cloned. To run the following cmdlets on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer. To clone a new certificate from an existing certificate, you must first identify the current certificate for the domain by running the following command: Get-ExchangeCertificate -DomainName mail1.contoso.com Where mail1.contoso.com is the server name or the FQDN that you want to make a cloned certificate of. The first certificate that is listed in the output is the default SMTP TLS certificate for the server. To clone the certificate, run the following command: Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate Where the value for Thumbprint is from the first certificate that was listed in the output for Get-ExchangeCertificate.Regards,Cannucci

Also make sure that new certificate is attached with IIS service which is not by default when you create a new certificate and second thing, remove old one since it doesn't require... All steps explained here... Exchange Server 2007: Renewing the self-signed certificate http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.htmlAmit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com