Renew a self-signed certificate in Exchange

If a certificate has expired (it shows as expired in the event logs), you need its thumbprint. You can find it from Outlook Web Access: right-click -> Properties -> Certificates -> Thumbprint.

Open the Exchange command line (Exchange Management Shell):

Get-ExchangeCertificate
- lists all the current certificates and their thumbprints.

If the certificate isn't expired, try this:

Get-ExchangeCertificate -Thumbprint XXXXXxxxxxxxxxxxxxxXXXXX | Enable-ExchangeCertificate -Services "IIS,SMTP"

If the certificate HAS expired (as it says it has in the event
description: "The existing certificate for that FQDN has expired"),
and the certificate is "self signed" then you should be able to renew
the cert like this:

Get-ExchangeCertificate -Thumbprint XXXXxxxxxxxxxxxxxxxxxxXXXXX | New-ExchangeCertificate -Services "IIS,SMTP,IMAP,POP"

Service letters shown in the Services column of the Get-ExchangeCertificate output:

I = IMAP
P = POP3
S = SMTP
W = IIS

Remove services from a cert:
Enable-ExchangeCertificate -Services None -Thumbprint
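
The checks described in this note, gathered into one read-only report (an added example, not part of the original note). It changes nothing on the server; the 30-day warning window and the wording of the Step column are assumptions.

```powershell
# Added example, not from the original note. Run in the Exchange Management Shell.
# Read-only: lists each certificate and which step of the note applies to it.
$WarnDays = 30          # assumed warning window, adjust as needed
$now = Get-Date

Get-ExchangeCertificate | Sort-Object NotAfter | ForEach-Object {
    $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
    $services = "$($_.Services)"    # e.g. "IIS, SMTP" or "None"

    if ($_.NotAfter -lt $now) {
        if ($_.IsSelfSigned) {
            # Case covered by the New-ExchangeCertificate pipeline above
            $step = 'Expired, self-signed: renew via New-ExchangeCertificate'
        } else {
            $step = 'Expired, not self-signed: the self-signed renewal does not apply'
        }
    } elseif ($services -eq 'None') {
        # Still valid but bound to nothing: the Enable-ExchangeCertificate case
        $step = 'Valid, no services: assign with Enable-ExchangeCertificate'
    } elseif ($daysLeft -le $WarnDays) {
        $step = "Valid, expires in $daysLeft days: plan the renewal"
    } else {
        $step = 'Valid, in use: nothing to do'
    }

    # New-Object keeps this usable on the older PowerShell versions Exchange shipped with
    New-Object PSObject -Property @{
        Thumbprint = $_.Thumbprint
        Subject    = $_.Subject
        SelfSigned = $_.IsSelfSigned
        Services   = $services
        NotAfter   = $_.NotAfter
        DaysLeft   = $daysLeft
        Step       = $step
    }
} | Select-Object Thumbprint, Subject, SelfSigned, Services, NotAfter, DaysLeft, Step |
    Format-Table -AutoSize -Wrap
```

The Thumbprint column gives the value to pass to the commands above, so the lookup through Outlook Web Access is only needed when the shell is not available.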