Exchange 2007 Renew Self Signed Certificate

We have a self-signed certificate on our IIS7 server that is due to expire and we would like to renew this certificate. This is how I renew an Exchange 2007 SSL Certificate when you get the notice in Outlook it has expired. This can be done via GUI, however with the proper powershell commands this is often more faster. The self-signed certificate meets an important need – securing communication paths for Exchange services by default. The self signed certificate is only for SMTP not for IMAP, POP, IIS which uses a 3rd party cert. Self-Signed Certificate Exchange Server 2010 - how to fix certificate errors in exchange 2010 2013. Exchange 2007 automatically installs a self-signed certificate. When you click Assign, the Progress page will confirm your selections and try to renew the certificate. exe, to create a self-signed certificate that can be used with IIS (Microsoft Internet Information Server). Some Web surfers who don’t understand SSL may think there’s a problem if a certificate shows a name. By default, these certificates are self-signed. When installing exchange 2007 it is possible to create a self-signed certificate for the Exchange Transport layer. Export this new certificate by right-clicking it. In Exchange 2010, the certificate validity period is raised to five years. Exchange Server 2013: Generate CSRs (Certificate Signing Requests) Before you can request a certificate through our online application, you need to use the Exchange Admin Center to generate a Certificate Signing Request (CSR) for your website. En Exchange Server 2007 this renewal process was done with three commands in PowerShell and have now implemented the ability to do this using a wizard! To renew a certificate, we go to the Management Console Exchange > "Server Configuration" > Select the server that you want to renew the certificate and at the bottom we see the certificates. Self-Signed certificates are valid for one year, as can be seen in Figure 7, and will need to be renewed after a year. In Exchange 2010, the certificate validity period is raised to five years. Das muss also erneuert werden. How to renew a self signed certificate in Exchange Server 2007 Posted on February 16, 2012 by dpejic When a new Exchange Server 2007 role is installed on a computer the server automatically generates a self signed certificate to be used with services like transport (SMTP), POP, IIS (OWA and Exchange Web Services) and IMAP. Outlook autodiscover is finding this certificate at the root domain name and giving users a popup. exe, to create a self-signed certificate that can be used with IIS (Microsoft Internet Information Server). I ended up deleting the entire "Microsoft Exchange" branch from. By default this feature is enabled and all outlook connectivity takes place over it based on valid SSL certificate on CAS server(s). 'Domain Security in Exchange 2007' is an excellent whitepaper on Exchange 2007 and TLS so we aren't going to reproduce it in this post, but we wanted to give mention to this new change and point everyone in a direction to read more on. Step – 1 Open an Exchange Management Shell go to the Start Menu -> Microsoft Exchange You can also start a standard Powershell 2. An internal transport certificate expired. The steps are fairly straightforward, however it may seem daunting and completely foreign for new users who aren't familiar with certificates. First, obtain the thumbprint of the current default certificate by running the command shown in the previous example. Just make sure that they use IE for webmail, this picks the certs up automatically from the user and machine certificate store. They do not have a Certificate Authority (CA) and do not pay for an outside certificate. After a year this certificate expires and requires a new certificate to be created. Exchange relies on this self-signed certificate. The self-signed certificate has the NetBIOS hostname as the Common Name and the FQDN in the Subject Alternate Names field. 0 Console and load the Exchange addin by issuing the PS cmdlets:. 04 and SOLR 3. The Self Signed Certificate As Exchange starts to mature, and installations have been in place for over 12 months, the question of renewing the self signed certificate comes up. Once renewed setup will complete. to set the certificate up and remember to renew it before it expires. Renew Exchange 2010 Certificate June 8, 2017 March 12, 2018 Views: 869 Articles Certificates , Exchange , Powershell Matthew Marable If your organization is running Microsoft Exchange 2007/2010, you may not be aware that the Self-Signed Exchange Certificate that is installed by default during installation has a validation period of 5 years. Renewing the self-signed certificate in Exchange 2010 and Exchange 2007. Verify that it says "False" under "Self Signed". With self signed certificates some web browsers throw a wobbly though don't they and you have to add exceptions? I know Firefox 3 does. The self-signed certificate meets an important need - securing communication for Exchange services by default. For the latter, we walked through the installation of Certificates Services on Windows 2008. To make renewing a certificate easier, DigiCert automatically includes the information from the expiring certificate in our renewal wizard. In Exchange 2007, the certificate is issued for a period of one year. Log on to Exchange Admin Center (EAC). The certificate is issued for a period of one year. This time I will be talking about how get get around some of the more common issues that I have seen with certificates and Exchange 2007, I’ll do this as a bit of an FAQ as it is easier for me to organise. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key. So you have to renew the certificate to overcome from the annoying situation. In the Renew Exchange Certificate page. The Exchange 2007 self signs a certificate when the server role is first added for all the Exchange services that run in unison with IIS (smtp & owa etc). This certificate generally isn't ideal for Outlook and OWA clients because it's not trusted by any machines except for the Exchange server, and one of the first tasks to do is replace this…. I'm going to answer the first part of the question in this tip which will also answer the second part. Many monitoring services available are not designed to monitor the certificate being used on many Windows services, and unfortunately many certificates are only purchased or signed for a year so every year there is a half day or more where Remove Desktop Services become unavailable until a new certificate is put in place. Step - 1 Open an Exchange Management Shell go to the Start Menu -> Microsoft Exchange You can also start a standard Powershell 2. create or renew self-signed certificate on Exchange server 2007 October 1, 2009 EMG Leave a comment After creating a new hub transport server(or any exchange 2007 server), a new self-signed certificate with the server name is created. We need to remove the expired certificate from Exchange 2007 or Exchange 2010 and then create a new certificate and allocate the correct services to the new certificate. com certificate. I will be going through the basics of creating self signed X. Exchange 2007 will issue Self-Signed to all except Mailbox Server. someone else indicated it was a self signed cert so that should be free. Unlike renewing an Exchange email certificate issued by a third party such as GoDaddy, you can easily generate a new self-signed certificate with a few easy commands using the Exchange PowerShell. Select the option which you want to use for requesting your renewed certificate, and then click Request Certificate. Free SSL Certificate for your Exchange 2010 server Sounds too good to be true, but… it is. Renew an Expired Certificate. 04 and SOLR 3. Please note that the self signed certificate is not the recommended way to communicate with the server from external sources. How to Trust a Self-Signed Certificate in IE 9 Nov 9, 2012, 7:10 AM -06:00 Interner Explorer 9. The credentials used to sign the certificate are created by the Exchange server itself and includes details of the issuer (self). How to renew a self signed certificate in Exchange Server 2007 When a new Exchange Server 2007 role is installed on a computer the server automatically generates a self signed certificate to be used with services like transport (SMTP), POP, IIS (OWA and Exchange Web Services) and IMAP. Get-ExchangeCertificate. The Exchange 2007 self signs a certificate when the server role is first added for all the Exchange services that run in unison with IIS (smtp & owa etc). tag:blogger. Choose create a request for a certificate from a certification authority option. U-BTech Solutions provides Certificate Manager for Exchange Server 2007 for free, to ease the process with a simple, easy to use GUI which enables you to: Manage your current server certificates, Enable certificates for Exchange 2007 Services (POP, IMAP, SMTP, IIS, UM), Generate an Exchange 2007 Certificate Signing Request and process the. Vernieuwen van een self-signed Exchange certificaat Bij het opstarten van Outlook krijg je onderstaande melding: De geldigheidsduur van het beveiligingscertificaat is verstreken of het certificaat is nog niet geldig. When you click Assign, the Progress page will confirm your selections and try to renew the certificate. com,1999:blog. The self signed certificate that is installed is not supported for use with either Outlook Anywhere or Exchange ActiveSync. How to create a self-signed SSL certificate for Exchange 2003/2007/2010 on Windows Server posted 3 Jul 2012, 01:14 by Colum Brady One of the requirements for the SSL certificate is that it has to work both internally (for employee's computers on the LAN) and externally for public/roaming access (employees on the road, work at home). 0 Resource Kit SelfSSL. You will need to create and assign a new SSL certificate if you're putting up a new Exchange server into production or renewing it for an existing server. To renew the certificate, open the Exchange Management Shell on the server in question and run the following powershell command:. Answer: In Exchange Server 2007 the defualt self signed certificate is only valid for one year after the server installation. Same note as my previous article, I've only tested this on an Exchange 2007 SP1 server running Windows 2003 R2 - your results may vary depending on your actual configuration. To enable your certificate, return to the Exchange Management Console and click the link to "Assign Services to Certificate. how can i rever the previous settings or reset the certificate previously used by exchange. Renewing an Exchange Certificate - Self signed / StartTLS or Transport (Exchange 2007 / 2010 / 2013). I can receive their plain emails, but not their encrytped emails. This means that the client will contact the Exchange server via HTTP/s, where some proxy servers will not interfere, some will block the authentication between the client and the server which will turnout as popups…. We have upgraded two weeks ago all devices to Windows 10 (10. Installing a certificate on Microsoft® Exchange 2007 At this time Network Solutions® does not offer a Unified Communications Certificate, however by following the below instructions you can get two certificates for your environment; your existing mail. Clients accept the new certificate silently because it shares the same ancestry as the previous certificate. These certs are very helpful for exchange environments as it can be used to replace the self-signed Exchange certificate as well as work for the multiple exchange sites such as autodiscover, owa. Once a year you will need to create new edge certificates and re-establish the synchronization. They are ideal for cloud services whereby the number of allocated ip addresses are limited yet must be shared with multiple virtual hosts. Blackberry Enterprise Server and Exchange 2010: OpenMsgStore failed (8004011d) by Jeanne De Villiers. Make the file available on the client machine. Ya, it is a bit confusing for admins trying to migrate on their own to Exchange 2007 or Exchange 2010 and wanting to use the same certificate. Even so, self-signed certificates aren’t an ideal solution. The reason is that Exchange installs a self-signed certificate with the hostname and FQDN of the server, i. http://mtirado. An easy way to achieve this trust is to import the OCS 2007 server into the client’s certificate store. Installing a certificate on Microsoft® Exchange 2007 At this time Network Solutions® does not offer a Unified Communications Certificate, however by following the below instructions you can get two certificates for your environment; your existing mail. The Self Signed Certificate As Exchange starts to mature, and installations have been in place for over 12 months, the question of renewing the self signed certificate comes up. Exchange 2007 will issue Self-Signed to all except Mailbox Server. Extend Default Certificate Expire Date for Windows CA Yong Kam Wah March 17, 2016 Others No Comments We got a request from our client asking whether it is possible to increase the expire date for the SSL Certificate for their Exchange 2007 Server from 2 years to 5 or 10 years and we start to think how to Extend Default Certificate Expire Date. I thought it would be even more helpful to put up a separate post that would talk more about the certificate renewal process in Exchange 2010 which indeed would cover few steps for Exchange 2007 certificate renewals as well. Renewing Exchange 2007 SSL Certificates SSL Renewal Made Easy using the DigiCert Utility. The self-signed certificate is not trusted by client computers or computers out on the Internet. This is an interesting artiche that I used in the past to renew or create Self Signed certificate on Exchange 2003 SSL Enabling OWA 2003 using your own Certificate Authority Create A Self Signed SSL Cert For Exchange Guide How to renew an Exchange 2007 Self Signed Certificate. This article will explain this new method which uses the Exchange Management Shell. If SP2 for Exchange 2007 is installed, then the self-signed certificate will last for 5 years. We are running Exchange server in hybrid configuration with AD and we need to have autodiscover domain secured, but i dont know how to apply the lets encrypt cert on it. com - (copy the thumbprint of the expired SSL). And a lot of them offer conlicting information. The self signed certificate is only for SMTP not for IMAP, POP, IIS which uses a 3rd party cert. Exchange 2010 extends the expiration period to five years. cer file to the Windows Mobile Device, and had the end user go to My Documents and click the. oliver said Currently I cannot find much on assigning via the new Exchange 2010 post, so congratulations to you. Part I - Preparing the CSR Input String. how can i rever the previous settings or reset the certificate previously used by exchange. But I was asked, and what you guys ask for, I will work out how to do 🙂 Solution Export Certificate from Exchange 2007. If you are doing to a Cross forest move between two Exchange 2010 Forests In order to authenticate between Exchange 2010 forests - using a Self Signed Certificate Will be Exporting the Target Exchange Server Certificate and import it on the Source Exchange Server Vice Versa Will be Exporting the source Exchange Server Certificate and. Option 1: Issue a SAN (Subject Alternative Names) Certificate - also called a wildcard certificate. Once a year you will need to create new edge certificates and re-establish the synchronization. Hello, i have the same issue, self signed certicate and ios 10. exe, to create a self-signed certificate that can be used with IIS (Microsoft Internet Information Server). One may replace this with the one issued by a Certification Authority. To renew the certificate, open the Exchange Management Shell on the server in question and run the following powershell command:. In this scenario, several client protocols such as ECP, OWA, ActiveSync and Exchange Management Shell cannot connect. For this, open EMS (Exchange Management Shell): Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell and then run two commands together - one for the installation of the Certificate at the server and one enabling it for the required services. Here is a step-by-step guide and how to create your own self-signed certificate (for free) using Windows (I used 2003 but this should work on 2008 as well) and Exchange 2003-2007-2010. Export this new certificate by right-clicking it. However, there are two major cases where a certificate for Office 365 is going to be required: ADFS and Office 365 Hybrid Exchange Configuration. Note: Exchange Server 2007 PowerShell syntax was adapted from an article on The Ramblings on an Exchange Admin blog. (Important that you use the Pipe command to run this all in one. 848-07:00 daghash noreply@blogger. benim anladıgım cozum, ya san sertifikası icin smtp dahil edilecek ya da mevcut self signed sertifika yeniden olusturalacak. This will be used for your internal OWA, OMA, ActiveSync. Certificate 2,3: as far as I know, they are self-signed, both expired. The Benefits of CA Authority Verified SSL Certificates: If you are using a CA trusted SSL certificate for your exchange server than you can avoid the hassles of installing your self-sign certificate on every clients those will access your server. Remove a certificate from a service My goal is to get my SMTP service back to using the self-signed certificate that Exchange generated. I had to renew an expired self signed SSL certificate that i have on Exchange 2007 box today, and found the SSL clone trick interesting and did the job for me. 0, therefore the certificate is tied to the Default Website in IIS and can be renewed/replaced using IIS Manager. ) to force Outlook 2010 to ignore the fact that Exchange is using a self-signed certificate and JUST CONNECT without being so squeamish and annoying about the Certification Authority that. I knew that a couple years, my colleague was setup to use self-signed certificate for OWA. Change the Autodiscover URL in the Service Connection Point. Renew an Expired Certificate. http://mtirado. Free SSL Certificate with Full Security. Outlook App/Exchange 2007 SP3 mail server certificate is invalid (self. But in Exchange 2007 EMC, I do not see any option of 'New Exchange Certificate' for UM. In Exchange 2007, the certificate is issued for a period of one year. If your using PlainTextLogin IMAP or POP must be set to reference the default "self signed certificate" generated by the Exchange installation process which matches the FQDN on the service. As you say in your question, a CA is only as good as the ways in which it is secured - an untrustworthy CA creates untrustworthy certificates. exe to create a self-signed test certificate that can be used with IIS for SSL. 0x80004005 ad replication adsense affiliate backup backup exec blackberry bluetooth Citrix conficker conficker virus data recovery exchange exchange 2007 exchange 2010 exchange 2013 forefront fsmo roles funny computer picture google adsense KB958644 Lotus Notes mcafee mom mom 2005 netapp Outlook outlook 2003 podcast replication script Sophos. This can also happen if your send\receive connectors FQDN (specify the fqdn this connector will provide in response to HELO or EHLO) does not match your cert name as event indicates; but since you mentioned that it expired; it's probably related to that. com/2010/12/08/exchange-2007-certificates/ Please visit the site were this video is posted to understand the entire process. In this scenario, several client protocols such as ECP, OWA, ActiveSync and Exchange Management Shell cannot connect. Many monitoring services available are not designed to monitor the certificate being used on many Windows services, and unfortunately many certificates are only purchased or signed for a year so every year there is a half day or more where Remove Desktop Services become unavailable until a new certificate is put in place. 02 - We want to install a public certificate not self-signed certificate. Outlook uses certificates in cryptographic email messaging to help keep communications secure. Learn more at Sharing. You needd proper cert, that will be trusted by both - server and client. You remove the Microsoft Exchange Self-Signed certificate from the Exchange Back End Website by using Certificates MMC, Remove-Exchangecertificate, IIS Manager or another method. Select certificates tab. This certificate generally isn't ideal for Outlook and OWA clients because it's not trusted by any machines except for the Exchange server, and one of the first tasks to do is replace this…. Let's right click on the certificate that is about to expire and then click on Renew Exchange Certificate. The Self-Signed Certificate is installed automatically as part of the Ex2013 installation. How to use makecert. Free SSL Certificate with Full Security. com certificate and a new Autodiscover. We host our own mail server with a self-signed certificate and previously we could manually trust the certificate on iOS devices. However, this self-signed cert is not recognized by web browsers and mobile devices and will cause security warnings and connection failures. How to Renew Exchange 2007 Self-Signed Certificate CHUONG K. com certificate. When you initially install Exchange 2007, a self-signed certificate is automatically generated. Click next. It seems that user has been using Exchange 2007 for about a year. SSL certificates are issued for periods of spanning a number of years (typically in multiples for example one, two or more years, however eventually they do expire and need to be renewed). I just have some concern. But I was asked, and what you guys ask for, I will work out how to do 🙂 Solution Export Certificate from Exchange 2007. Renew Exchange 2013 self-signed Certificate. To install your SSL Certificate, perform the following steps: Open Internet Information Services Manager, or the custom MMC containing the Internet Information Services snap-in. Please note that the self signed certificate is not the recommended way to communicate with the server from external sources. If we need to use a certificate issued by an internal windows certification authority server, follow this article. The self-signed certificate meets an important need – securing communication paths for all Exchange services by default. The self signed certificate is only for SMTP not for IMAP, POP, IIS which uses a 3rd party cert. Of course, you will need to open the Exchange Management Shell as an administrator prior to excuting the command below. com - (copy the thumbprint of the expired SSL). If you have paid for a certificate I can see why you would want to transfer it to the new Exchange box, though if your using self signed certificates, it’s a simpler task to create a new one. How to Renew Exchange 2007 Self-Signed Certificate CHUONG K. Click servers on the features pane. Use the New-ExchangeCertificate cmdlet to create and renew self-signed certificates, and to create certificate requests (also known as certificate signing requests or CSRs) for new certificates and certificate renewals from a certification authority (CA). Renew an Expired Certificate. In my case I was using an inexpensive service provided by www. com certificate and a new Autodiscover. This self signed certificate is valid for one year only and get expired. Click Start, point to All Programs, point to Exchange Server 2007, and then click Exchange Management Shell. Same note as my previous article, I've only tested this on an Exchange 2007 SP1 server running Windows 2003 R2 - your results may vary depending on your actual configuration. To renew the certificate installed in MS Exchange 2007, follow these steps: Step 1: Generate a new Certificate Signing Request (CSR) Make a note of the thumbprint for the current certificate that is installed. Exchange’s self-signed certificates meet an important need – securing communication paths for all Exchange services by default. This certificate is used with exchange services like SMTP, POP3, IMAP, IIS and UM. When you setup SBS2008 (and Exchange 2007) it creates and uses a self signed certificate, which is fine. On the same server, run the DigiCert® Certificate Utility for Windows. How to renew a self-signed certificate in Exchange Server 2007. When you initially install Exchange 2007, a self-signed certificate is automatically generated. Microsoft Exchange 2010 - Generate SSL certificate request (CSR) Last updated: 14/01/2016 Generate a CSR for Microsoft Exchange 2010. For the cas that doesn't have a self signed cert generate a new one. When you install an Exchange 2007 server, there will also installed an self-signed certificate. Re: Problem connecting to Exchange 2003/2007 mailbox over TLS using IMAP Bill Shannon-Oracle Sep 27, 2011 6:50 PM ( in response to 806677 ) Looks like you're running into some basic SSL problem. Activating the Certificate. cer" in c:\ directory. One may replace this with the one issued by a Certification Authority. We are running Exchange server in hybrid configuration with AD and we need to have autodiscover domain secured, but i dont know how to apply the lets encrypt cert on it. When installing exchange 2007 it is possible to create a self-signed certificate for the Exchange Transport layer. Exchange 2007 Self-Signed Certificate This will probably never come up in my ventures as the Administrator here at my job, but it has come up with one of our customers. 01 – Now, let’s create certificate signing request (CSR). When you install an Exchange 2007 server, there will also installed an self-signed certificate. 02 – We want to install a public certificate not self-signed certificate. Therefore there is no chance of existing users being interrupted. When you setup SBS2008 (and Exchange 2007) it creates and uses a self signed certificate, which is fine. Exchange 2010 and your own PKI infrastructure March 29, 2011 jaapwesselius Leave a comment When it comes to Exchange Server 2007 or Exchange Server 2010 it is a best practice to use a real world SSL certificate for the Client Access Server. In Exchange 2010, the certificate validity period is raised to five years. 'Domain Security in Exchange 2007' is an excellent whitepaper on Exchange 2007 and TLS so we aren't going to reproduce it in this post, but we wanted to give mention to this new change and point everyone in a direction to read more on. 2 thoughts on " How to renew the WatchGuard default self signed web certificate " pat 15th September 2017 at 3:38 pm. Download: Buyer's Guide to Windows Server 2016 in 2018. Renewing is better than removing. This cmdlet is available only in on-premises Exchange. thanks for your help. To reset the IMAP service to reference the default self signed certificate, we simply need to change the X509CertificateName back to the FQDN of the server. Renew the current self-signed certificate using IIS via “Server Certificates”, right-clicking on the current certificate and running the “Create Self-Signed Certificate”. Log on to Exchange Admin Center (EAC). If you'd like to renew your Exchange 2007 SSL Certificate with minimal use of the Exchange Management Shell please see our Exchange 2007 SSL renewal using the DigiCert Utility page. It seems that user has been using Exchange 2007 for about a year. B - The process for renewing through a verified authority like GoDaddy / 123 Reg is not discussed here. So here's the howto: Using the Exchange Management Shell run the following commands: - Get-ExchangeCertificate -DomainName server. I then moved the. Exchange 2007 uses a number of self signed certificates by default, that typically only last 12 months. 0x80004005 ad replication adsense affiliate backup backup exec blackberry bluetooth Citrix conficker conficker virus data recovery exchange exchange 2007 exchange 2010 exchange 2013 forefront fsmo roles funny computer picture google adsense KB958644 Lotus Notes mcafee mom mom 2005 netapp Outlook outlook 2003 podcast replication script Sophos. On the same server, run the DigiCert® Certificate Utility for Windows. On the File tab, click Options. How to Renew Exchange 2007 Self-Signed Certificate CHUONG K. The Benefits of CA Authority Verified SSL Certificates: If you are using a CA trusted SSL certificate for your exchange server than you can avoid the hassles of installing your self-sign certificate on every clients those will access your server. The certificate expires after one year from the date the server was first installed or the date the certificate was assigned manually. But I was asked, and what you guys ask for, I will work out how to do 🙂 Solution Export Certificate from Exchange 2007. Complete the transaction for your renewal, and then return to your list of common names. In Exchange 2007, the certificate is issued for a period of one year. You will typically get a note in the event viewer when the certificate is about to expire. For the latter, we walked through the installation of Certificates Services on Windows 2008. So here's the howto: Using the Exchange Management Shell run the following commands: Get-ExchangeCertificate -DomainName server. Download: Buyer's Guide to Windows Server 2016 in 2018. After completing these steps, your certificate should be installed and usable. You will typically get a note in the event viewer when the certificate is about to expire. In Replacing the Exchange 2007 Self-Signed Certificate (Part 1) we looked at the choice between public and private Certification Authorities CAs. On the File tab, click Options. But I was asked, and what you guys ask for, I will work out how to do 🙂 Solution Export Certificate from Exchange 2007. For now, we asked the 3rd party web hosting company to renew their ssl. NOTE: If your server does not support SSL, all mailbox data will be transmitted non-encrypted. I've had a SBS2011 with self-signed certs which expired a few days ago. com The Self-Signed certificate in Exchange 2007 (generated automatically during the installation process) is valid for one year. 6 Install + TIKA. You can imagine renewal as a kind of family thing: when a certificate is "renewed", it is actually replaced by a younger sibling. Tidbits of interest, Outlook 2007 will allow a self-signed certificate to be used for things like EWS and Autodiscover, but Outlook 2010 will *not*. Outlook App/Exchange 2007 SP3 mail server certificate is invalid (self. " Select your certificate from the list provided, then click Next. If you're using the self-signed certificate and it's approaching the expiration date, now it's probably the time to renew it. Hi There, I want to renew a self signed certificat in exchange server 2007, but I missed the date NtAfter, so I want to know if there is another way to renew the certificate,. Warning message when you start Outlook 2007 and then connect to a mailbox that is hosted on an Exchange 2007-based server: "The name of the security certificate is invalid or does not match the name of the site" Probably Cause: You replace the default self-signed Exchange 2007 certificate with a different certificate. Here is a step-by-step guide and how to create your own self-signed certificate (for free) using Windows (I used 2003 but this should work on 2008 as well) and Exchange 2003-2007-2010. Exchange 2007 Renew Self Signed Certificate.