
UPDATE (February 5, 2022): This blog has been updated to include a fix for a recent issue that popped up regarding publishing the federation certificate in step 11 below.

After a few years, most things usually need some maintenance and attention. One of those things is the Microsoft Federation Gateway certificate. When you first set up the Microsoft Federation Gateway, it creates a brand new shiny certificate in your Exchange environment and all is just great. You're happily sharing Free/Busy time with other federated Exchange organizations, but there comes a point, 5 years to be exact, when that certificate is no longer valid. Ideally we want to address this before the certificate expires so that you and your messaging environment don't run into any problems.

So how does one go about renewing the Exchange Federation certificate? Maybe at this point I should mention that we aren't really "renewing" this certificate, but rather "rolling over" to a new one.

The first step is to see what we are dealing with. The Federation certificate is the one with the thumbprint E1343EB2BB…. It is also the only certificate with the F (Federation) flag set. What's important to see here is that there is currently only the original Federation certificate and there is no OrgNextCertificate. Without that defined, there is nothing to roll over to!

To create a new Federation certificate to roll over to, we will reference some steps from the Configuring a federation trust TechNet page.

Create a unique subject key identifier to be used with the new certificate:

Create a self-signed certificate that we will roll over to:

New-ExchangeCertificate -FriendlyName "Microsoft Federation Gateway" -DomainName -Services Federation -KeySize 2048 -PrivateKeyExportable $true -SubjectKeyIdentifier $ski

Run Get-ExchangeCertificate to see where we are at now. It should look something like this, with the new certificate created but no services assigned to it yet:

Run Get-FederationTrust | Set-FederationTrust -Thumbprint 47F8CD99…. When you run this, if you have a lot of servers, you'll see that it takes a little while to push the new certificate to all of your Exchange servers. Once it completes, you will see some yellow warning text telling you that, because you set a new certificate for Federation, you will need to update your TXT domain proof on your external DNS.

Note: I recommend checking that the certificate got pushed to all of your servers.

To find out what this new domain proof is, run the following:

You can see the original domain proof at the bottom because it has the original Federation certificate's thumbprint E1343…. I've highlighted the new domain proof in green.

Good, we see the old certificate is there with the E1343… thumbprint as well as the new certificate with the 47F8… thumbprint. Before we proceed, let's make sure the new Federation certificate is listed properly by running Test-FederationTrustCertificate.
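The rollover steps described in this post, gathered into one Exchange Management Shell script. This is an added example and not the post's own commands: the subject key identifier line is the method the Configuring a federation trust TechNet page uses, $FederatedDomain is a placeholder for your federated domain (the post does not show the -DomainName value), and the output of Get-FederatedDomainProof is piped to Format-List so the script does not depend on its property names. It also adds the per-server check the post recommends and warns if an OrgNextCertificate is already staged.

```powershell
# Added example (not from the original post): federation certificate rollover.
# Assumptions: $FederatedDomain is a placeholder; the $ski line follows the
# TechNet "Configuring a federation trust" article.
$FederatedDomain = 'contoso.com'   # placeholder: replace with your federated domain

# 1. See what we are dealing with: the trust's current/next/previous certs.
$trust = Get-FederationTrust
$trust | Format-List Name, OrgCertificate, OrgNextCertificate, OrgPrevCertificate
if ($trust.OrgNextCertificate) {
    Write-Warning "OrgNextCertificate is already set; a rollover is already staged."
}

# The current federation certificate is the one carrying the F (Federation) flag.
$current = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'Federation' }
if (-not $current) { throw 'No certificate with the Federation service flag was found.' }
"Current federation certificate {0} expires {1}" -f $current.Thumbprint, $current.NotAfter

# 2. Unique subject key identifier (TechNet method) and a new self-signed
#    federation certificate to roll over to.
$ski = [System.Guid]::NewGuid().ToString('N')
$new = New-ExchangeCertificate -FriendlyName 'Microsoft Federation Gateway' `
    -DomainName $FederatedDomain -Services Federation -KeySize 2048 `
    -PrivateKeyExportable $true -SubjectKeyIdentifier $ski
"New federation certificate: {0}" -f $new.Thumbprint

# 3. Stage it as the next federation certificate. This pushes the certificate
#    to every Exchange server and warns that the TXT domain proof must change.
Get-FederationTrust | Set-FederationTrust -Thumbprint $new.Thumbprint

# 4. Verify the new certificate actually reached every server before going on.
$missing = foreach ($srv in Get-ExchangeServer) {
    $found = Get-ExchangeCertificate -Server $srv.Name -Thumbprint $new.Thumbprint `
        -ErrorAction SilentlyContinue
    if (-not $found) { $srv.Name }
}
if ($missing) {
    Write-Warning "New certificate not yet present on: $($missing -join ', ')"
} else {
    'New federation certificate is present on all Exchange servers.'
}

# 5. There is one domain proof per certificate, so both the old and the new
#    thumbprint appear here until the rollover is finished. The new TXT value
#    is what goes into external DNS.
Get-FederatedDomainProof -DomainName $FederatedDomain | Format-List

# 6. Confirm the trust sees both certificates correctly before touching DNS.
Test-FederationTrustCertificate

# Publishing the new certificate (the post's step 11) happens only after the
# new TXT record is live in external DNS; it is not part of this section.
```

Run this in the Exchange Management Shell as an Organization Management member. Step 4 is the check the post recommends: Set-FederationTrust returns before every server has the certificate when the organization is large, and publishing against a server that lacks it is what the rollover is trying to avoid.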
