question

51892182 avatar image
0 Votes"
51892182 asked 51892182 commented

Exchange 2013 renew Microsoft Exchange Server Auth Certificate

i have Exchange 2013 with 2x CAS + 2x MXS, DAG in 2x MXS

CAS01,CAS02,MXS01,MXS02

i renewed the Microsoft Exchange Server Auth Certificate on CAS01, and the question

  1. i see the new one assigned with smtp, but old one also, which one with be used?

do i need to force assign the new one?

delete the old one will auto use the new one?

  1. i see set-AuthConfig have value currentCertThunbprint, previousCertThunbprint, NextCertThunbprint?

do i need to manual run this command?

  1. set-AuthConfig -PublicCert , do this will auto import to all CAS02,MXS01,MXS02?



Thanks for help

office-exchange-server-administration
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @51892182 ,
Do suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.
Thanks for your understanding.

0 Votes 0 ·

1 Answer

LucasLiu-MSFT avatar image
0 Votes"
LucasLiu-MSFT answered 51892182 commented

Hi 51892182,
According to the information your provided and my research, if you have successfully renewed the certificate, please following the steps below:
1. You could run the follow command if you want to check the value currentCertThunbprint, previousCertThunbprint and NextCertThunbprint.
Get-AuthConfig | fl
16285-2222.png
2. You could run the follow command to publish the certificate to all servers. According to my understanding, it may take up to one day to replicate this certificate to all servers in the actual generation environment.
Set-AuthConfig -PublishCertificate
For more information : Set-AuthConfig
3. Once replication is completed, You could run the follow command to see if this certificate installed on each Exchange server:
(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate
16189-11111.png
4. After you confirm that the certificate has been successfully installed on all servers and the server is running normally, you could run the follow command to remove the old certificate:
Set-AuthConfig -ClearPreviousCertificate
5. Finally, please run the iisreset in CMD start as administrator.
For more information: Expired Microsoft Exchange Server Auth Certificate and Setting or renewing a new Exchange Auth Certificate
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.



11111.png (5.0 KiB)
2222.png (5.2 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @51892182 ,
Just checking in to see if above information was helpful. If you have any questions or need further help on this issue, please feel free to post back. If the issue has been resolved, please click “Accept as answer” to mark helpful reply as an answer.

0 Votes 0 ·

sorry for forget of accept the answer, just pressed

0 Votes 0 ·