Here is how to renew a certificate that’s expired or about to expire on your SBS 2008 Server.
- Open the Windows SBS Console
- Click on Network
- Click on “Add a trusted Certificate”
- Click “Next”
- Click “I want to renew my Current Trusted Certificate with the same provider” Click Next.
- Click Save to file and save the file.
- In this case we’re using godaddy, so log into the godaddy website using you username and password.
- Purchase a SSL renewal if you’ve not already done so and then launch your SSL Certificate control panel.
- Click Request Certificate on the right hand side
- Copy the contents of the saved file from step 6 into the CSR section of the godaddy renewal wizard. Click Next on the CSR wizard twice. Click Finished on the CSR renewal wizard.
- Approve the confirmation email that godaddy sends, and then log back into your SSL Certificate control panel at godaddy.
- Wait for the Certificate to be processed, and then download the certificate with the updated expiration date. Select the Exchange 2010 download format.
- Extract the files to a folder, and then return to your “Add a trusted Certificate” wizard.
- Select the option for “I have a certificate from my certificate provider” and then click “Next”
- Click the “Browse” button and select the .crt file from the folder you just created. Click “Next”.
- Wait for the wizard to complete. If the wizard fails follow these instructions:
- Right click on your .crt file and select install. Follow the wizard to install it.
- Open your TS Gateway Manager, verify that on the “SSL Certificate” tab the proper certificate and expiration date are listed”
- Open your Exchange Management Shell
- Run the following command and make not of the new certificate’s thumbprint. “
Dir cert:\LocalMachine\MY | fl
” - Run a “
get-exchangecertificate | fl
” to see a list of all certificates and what services they are tied to. - Verify that the newly installed certificate is configured for IIS, and any other services it should be attached to.
- Connect to https://127.0.0.1/owa and verify that the certificate being used is the newest certificate.
- If IIS is not using the correct certificate you’ll need to run this command from the exchange management shell:
Enable-ExchangeCertificate –Thumbprint XXXXXXXXXXXXXXXXXXXXX –services “iis,IMAP,POP”
where the XXX is the new thumbprint and the services listed are the ones that should be using the new cert.
Note: if you need more information on install the certificate in exchange you can read this.
Note: if you can’t figure out where the “TS Gateway Manager” you can read a write up on how to enable it here.