Exchange self-signed certificates

Exchange self-signed certificates are used to secure communications between Exchange servers inside and outside your organization, for example the communication between an Edge and a Hub server. These certificates expire after 12 months, and there's no workaround for this other than to screen your event log for an event such as “an internal transport certificate expired” or “is going to expire within x days or hours”. The certificates are created when the server is installed. The renewal process is quite simple; just follow these steps:

  • Just get the thumbprint of the cert that is going to expire:
    • Get-ExchangeCertificate -DomainName CAS_SERVER.wathever.com
  • Then clone it:
    • Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate

And that’s it! Good as new for another 12 months.
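
To find which thumbprints are due for the steps above without waiting for the event log entry, the following added example (not from the original post or from Microsoft) filters certificate objects by their expiry date. The function name, the 30-day threshold and the sample objects are assumptions made for illustration; it relies only on the Thumbprint, Subject, IsSelfSigned and NotAfter properties that Get-ExchangeCertificate returns.

```powershell
# Added example. Flags self-signed certificates that are expired or close to it.
# Accepts any object exposing Thumbprint, Subject, IsSelfSigned and NotAfter.
function Get-ExpiringSelfSignedCert {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Certificate,
        [int]$WarnDays = 30,            # assumed warning window, adjust as needed
        [datetime]$Now = (Get-Date)     # injectable so the check can be replayed
    )
    process {
        # Certificates issued by a CA follow their own renewal process; skip them.
        if (-not $Certificate.IsSelfSigned) { return }
        $daysLeft = [math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
        if ($daysLeft -gt $WarnDays) { return }
        New-Object PSObject -Property @{
            Thumbprint = $Certificate.Thumbprint
            Subject    = $Certificate.Subject
            NotAfter   = $Certificate.NotAfter
            DaysLeft   = $daysLeft                       # negative once expired
            Expired    = ($Certificate.NotAfter -lt $Now)
        } | Select-Object Thumbprint, Subject, NotAfter, DaysLeft, Expired
    }
}

# Constructed sample objects (placeholder thumbprints and subjects) for an offline run.
$now = Get-Date '2024-01-15'
$sample = @(
    (New-Object PSObject -Property @{ Thumbprint = '1111111111111111111111111111111111111111'
        Subject = 'CN=HUB01';  IsSelfSigned = $true;  NotAfter = (Get-Date '2024-01-25') }),
    (New-Object PSObject -Property @{ Thumbprint = '2222222222222222222222222222222222222222'
        Subject = 'CN=EDGE01'; IsSelfSigned = $true;  NotAfter = (Get-Date '2024-01-10') }),
    (New-Object PSObject -Property @{ Thumbprint = '3333333333333333333333333333333333333333'
        Subject = 'CN=HUB02';  IsSelfSigned = $true;  NotAfter = (Get-Date '2024-09-01') }),
    (New-Object PSObject -Property @{ Thumbprint = '4444444444444444444444444444444444444444'
        Subject = 'CN=mail';   IsSelfSigned = $false; NotAfter = (Get-Date '2024-01-20') })
)
$sample | Get-ExpiringSelfSignedCert -WarnDays 30 -Now $now | Format-Table -AutoSize

# On an Exchange server, feed it the real inventory instead of $sample:
#   Get-ExchangeCertificate | Get-ExpiringSelfSignedCert
# and renew each reported thumbprint with the clone command shown above.
```

Run on a schedule, the same filter gives earlier notice than the expiry events, since the warning window is yours to choose.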

More info on this subject:

https://technet.microsoft.com/en-us/library/bb851554.aspx