Certificate Renewal Using the DigiCertUtil Tool
Renewing the Certificate
There are multiple ways to renew a certificate. Today we will renew one using the DigiCertUtil tool.
DigiCertUtil.exe makes it easy to (from the DigiCert site):
1: See all the SSL certificates installed on your server.
2: Easily view details for each certificate.
3: Fix intermediate certificate problems with one click.
4: Create a CSR, and export and import your certificates to make a backup or move them between servers.
5: Test a certificate to verify its private key is functional.
6: Repair a certificate whose private key exists on the server but is not correctly associated with the certificate.
Download and Install the DigiCertUtil Tool as shown below:
Double click
Click Run
This will pop up a new window, "EULA Agreement" -> Click I Accept
This will show you the certificate details as shown below:
Here we need to export the current certificate, and then we will import the certificate.
First we need to generate the CSR. To generate the CSR:
Highlight the Certificate and click Create CSR
Click Yes
Select SSL
Fill the details per your requirement
Click Generate. After creation you will see a pop-up message saying that the certificate request has been successfully created.
Select “Save to file”
After saving the file:
Send it to the client for purchasing the new certificate, or
If you are the client, then proceed with purchasing the new certificate.
After you get the new certificate, make sure you export the old certificate before importing the new one.
Exporting the Old Certificate
Select the old certificate that is about to expire and click the "Export Certificate" tab below.
Select the first option, "Yes", as shown below and click Next.
This will prompt for a password. Provide it, confirm it, and click Next.
Save the old certificate to a different location.
Click Browse and save it.
Browse and save the file with .pfx extension
Click Finish
Click OK
Now highlight the old certificate and click Import
Here you need to browse to the new certificate.
Select the first one with the .crt extension and click Open.
After browsing to the new certificate, click Next.
You can give it a friendly name.
Click Finish
Once you click Finish, you will get a pop-up message saying that the certificate was successfully imported.
Click OK
Here we can see both the new and the old certificate.
Now it's time to check that everything looks good. To confirm, double-click the new certificate.
Go to the Details tab and then to Subject Alternative Name. Here the value should point to DNS Name="Your Certificate Friendly Name"
Click OK
Now it is time to test the key.
Click Test Key. This should report success without any errors.
Click Close.
After testing, we need to enable the certificate for the services using the command below.
Command:
Enable-ExchangeCertificate -Thumbprint "34123n41nr12rweqrn213jk4nr" -Services IIS, IMAP, POP, SMTP
To run this command, open Exchange Management Shell -> Run as Administrator
Get the thumbprint of the new certificate as shown below and run the command.
Type N
The -DoNotRequireSSL switch should be used like this:
Enable-ExchangeCertificate -Thumbprint "34123n41nr12rweqrn213jk4nr" -Services IIS, IMAP, POP, SMTP -DoNotRequireSSL
Press Enter and type N
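The same checks and the enable step can be scripted so the thumbprint is read from the certificate store instead of being retyped. This is an added example, not part of the original post; it assumes Exchange Management Shell running as Administrator, and mail.example.com is a placeholder for a DNS name on your new certificate.

```powershell
# Added example: verify the new certificate, then enable it for the services.
# 'mail.example.com' is a placeholder; replace it with a DNS name on your certificate.
$dnsName = 'mail.example.com'

# Unexpired certificates whose domain list (subject / SAN) contains that name.
$candidates = Get-ExchangeCertificate | Where-Object {
    $domains = $_.CertificateDomains | ForEach-Object { $_.ToString() }
    ($domains -contains $dnsName) -and ($_.NotAfter -gt (Get-Date))
}

# The renewed certificate is the one that expires last.
$new = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $new) {
    throw "No unexpired certificate for $dnsName was found in the computer store."
}

# Same purpose as the Test Key button: the certificate is useless to
# Exchange if its private key is not associated with it on this server.
if (-not $new.HasPrivateKey) {
    throw "Certificate $($new.Thumbprint) has no private key on this server."
}

# Exchange's own validation (chain, dates, revocation) must report Valid.
if ("$($new.Status)" -ne 'Valid') {
    throw "Certificate $($new.Thumbprint) has status '$($new.Status)'."
}

# Review what is about to be enabled.
$new | Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Status, Services

# Enable it for the same services as in the command above.
# Answer the overwrite prompt for the default SMTP certificate as in the post.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS, IMAP, POP, SMTP

# Confirm the services are now bound to the new certificate.
Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
    Format-List Thumbprint, Services, Status, NotAfter
```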
Now check OWA functionality.
Open OWA and click the lock symbol. It should show the valid certificate details.
After confirming, you can proceed with deleting the old certificate.
Go back to DigiCertUtil, select the old certificate -> Right-click and click Delete Certificate
Click Yes
This should give a pop-up message saying that it has been successfully deleted.
Click OK
Great! Now we can see only the new certificate in the DigiCertUtil tool.
Happy Learning…..
Praveen Kumar
MCTS, MCITP | Exchange Server
Publisher @ Techrid.com