Renewing the Certificate
We have multiple ways for renewing certificate. Today we will renew using Digiutil tool.
DigiCertUtil.exe makes it easy to (from Digicert site):
1: See all the SSL certificates installed on your server.
2: Easily view details for each certificate.
3: Can fix intermediate certificate problems with one click.
4: Create CSR, Export and Import your certificates to make a backup or moving them between servers.
5: Test a certificate to verify its private key is functional.
6: Repair a certificate whose private key exists on the server but is not correctly associated with the certificate.
Download and Install the DigiCertUtil Tool as shown below:
This will popup New window “EULA Agreement” -> Click I Accept
This will show you the certificate details as shown below:
Here we need to Export the current certificate and then we will Import the certificate.
First we need to generate the CSR, for generating CSR
Highlight the Certificate and click Create CSR
Fill the details per your requirement
Click Generate post creation you will see pop message as Certificate Request has been successfully created.
Select “Save to file”
After saving the file.
Update the same to the client for purchasing New Certificate, or
If you are the client then proceed with purchasing New Certificate.
After you get the New Certificate, before Importing first make sure you Export the old Certificate.
Exporting the Old Certificate
Select the old certificate that is getting expired and click the below tab “Export Certificate”
Select the first option as “Yes” as shown below and click Next
This will prompt for Password provide and confirm the same and Click Next.
Save the old certificate any different location.
Click Brose and save it.
Browse and save the file with .pfx extension
Now highlight the old certificate and click Import
Here you need to Browse the New Certificate
Select the first one with .crt extension and click open
After browsing the New Certificate, click Next
You can give Friendly Name
Once you click Finish you will get the pop up message as successfully imported.
Here we can see New and Old Certificate.
Now it’s time to check if everything looks good, for confirming Double click on the New Certificate.
Go to Details Tab go to Subject Alternative Name, here the Value should be pointed to DNS Name=”Your Certificate Friendly Name”
Now time to Test Key
Click Test Key this should give as successful without any errors
After testing now we need to enable the service using the command
Enable-ExchangeCertificate -Thumbprint “34123n41nr12rweqrn213jk4nr” -Services IIS, IMAP, POP, SMTP
For this command to run open Exchange Management Shell -> Run as Administrator
Get the Thumbprint of the New Certificate as shown below and run the command
The command -DoNotRequreSSL switch should be used like
Enable-ExchangeCertificate -Thumbprint “34123n41nr12rweqrn213jk4nr” -Services IIS, IMAP, POP, SMTP -DoNotRequireSSL
Enter and Type N
Now check OWA functionality
Open OWA and click on Lock symbol and this should show the Valid details
After confirming you can proceed with Deleting the Old Certificate.
Go back to DigiCertUtil, select the Old Certificate -> Right click and click Delete Certificate
This will should give the Popup message as it’s been successfully deleted.
Great if you see we can see only the New Certificate in the DigiCertUtil Tool.
MCTS, MCITP | Exchange Server
Publisher @ Techrid.com