Windows 2025
Sponsored Link

Exchange Server 2019 : Update Certificate2025/01/15

 

Certificates for Exchange Server services is generated and configured when it is installed, however you can replace them to your certificates if you need.

 

On this example, it uses certificate from Let's Encrypt like here.
(certificate key type is RSA, not ECDSA)

[1] Run PowerShell with Admin Privilege and configure certificate.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# store export password you set on certificate to a variable
PS C:\Users\exchangeadmin> $Password = ConvertTo-SecureString -AsPlainText -Force "P@ssw0rd" 

# import to [Cert:\LocalMachine\My]
# ⇒ on GUI look, stored under [Certificates - Local Computer] - [Personal]
PS C:\Users\exchangeadmin> Import-PfxCertificate -FilePath C:\Users\exchangeadmin\rx-7.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Password 

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
33DBCFDAD53612958BE3D7E5F5DF9E55C4C494B0  CN=rx-7.srv.world

PS C:\Users\exchangeadmin> Get-ChildItem Cert:\LocalMachine\My

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
F781E7F0A2282954549C573E0DE9FF8A0399DC2B  CN=WMSvc-SHA2-RX-7
CB80CFD78B48E605FCEE3FEECDD98F5C1810A348  CN=Microsoft Exchange Server Auth Certificate
404A7FEBDEDFBC89D84F5491C05EC8BFB7D540E5  CN=rx-7
33DBCFDAD53612958BE3D7E5F5DF9E55C4C494B0  CN=rx-7.srv.world


PS C:\Users\exchangeadmin> LaunchEMS 

# assign new certificate to services
[PS] C:\Users\exchangeadmin> Enable-ExchangeCertificate -Thumbprint 33DBCFDAD53612958BE3D7E5F5DF9E55C4C494B0 -Services POP,IMAP,IIS,SMTP 

Confirm
Overwrite the existing default SMTP certificate?

Current certificate: '404A7FEBDEDFBC89D84F5491C05EC8BFB7D540E5' (expires 1/13/2030 8:39:16 PM)
Replace it with certificate: '33DBCFDAD53612958BE3D7E5F5DF9E55C4C494B0' (expires 4/14/2025 4:28:24
 PM)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): Y

[PS] C:\Users\exchangeadmin> Get-ExchangeCertificate 

Thumbprint                                Services   Subject
----------                                --------   -------
33DBCFDAD53612958BE3D7E5F5DF9E55C4C494B0  IP.WS..    CN=rx-7.srv.world
CB80CFD78B48E605FCEE3FEECDD98F5C1810A348  ....S..    CN=Microsoft Exchange Server Auth Certificate
404A7FEBDEDFBC89D84F5491C05EC8BFB7D540E5  IP.WS..    CN=rx-7
F781E7F0A2282954549C573E0DE9FF8A0399DC2B  .......    CN=WMSvc-SHA2-RX-7
Matched Content