Renew certificate in Exchange Server 2019

Exchange Server 2019 certificate renewal can be a daunting task. Fortunately, there are steps you can take to simplify the process and make sure that your certificate is up to date. In this article, we will cover the basics of how to renew a certificate in Exchange Server 2019, including prerequisites and the process of generating a new certificate.

Generate a wildcard Certificate Signing Request (CSR)

A CSR is a block of encoded text that is generated on the server. It contains information about the identity of the certificate applicant and the public key for which the certificate will be issued. Find the thumbprint of the certificate that has expired or is about to expire, then pipe that certificate to New-ExchangeCertificate to generate the request and write it to a file:

$txtrequest = Get-ExchangeCertificate -Thumbprint DD75CDAE12EC115750C5783D9AA17046606EEFB8 | New-ExchangeCertificate -GenerateRequest -Server w2k19-exch

[System.IO.File]::WriteAllBytes('\\w2k19-exch\temp\ExchangeCert2023.req', [System.Text.Encoding]::Unicode.GetBytes($txtrequest))

Submit the CSR to the CA

The CSR is then sent to a Certification Authority (CA) of your choice, which authenticates the information contained in the CSR. After the CA has fully validated the request, it issues a digital certificate that can be used for encryption and authentication purposes.

Import certificate

Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes('\\w2k19-exch\temp\certnew2023.cer'))

Assign a new certificate

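Get the thumbprint of the newly installed certificate. A renewed certificate has a different thumbprint from the certificate it replaces, so pass the new value to Enable-ExchangeCertificate, not the thumbprint that was used to generate the request:

Enable-ExchangeCertificate -Server "w2k19-exch" -Thumbprint <NewCertificateThumbprint> -Services SMTP,IMAP,IIS -Force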
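
The steps above leave two things implicit: how to find the thumbprint of the expiring certificate, and how to confirm that the imported certificate is a proper replacement before services are switched to it. The following PowerShell is an added example, not part of the original article; the 30-day window, the Test-RenewedCertificate helper and the <NewCertificateThumbprint> placeholder are assumptions.

```powershell
# Added example (not from the article). Run in the Exchange Management Shell.
$Server   = 'w2k19-exch'   # server name used in the article
$WarnDays = 30             # assumption: renewal window in days

# 1. List certificates that have expired or expire within the window.
Get-ExchangeCertificate -Server $Server |
    Where-Object { "$($_.Status)" -ne 'PendingRequest' -and $_.NotAfter -lt (Get-Date).AddDays($WarnDays) } |
    Format-List Thumbprint, Subject, NotAfter, Services, CertificateDomains

# 2. Hypothetical helper: compare the imported certificate with the one it replaces.
function Test-RenewedCertificate {
    param([Parameter(Mandatory)] $Old, [Parameter(Mandatory)] $New)
    $problems = @()
    if ($New.Thumbprint -eq $Old.Thumbprint) { $problems += 'thumbprint is unchanged, this is the old certificate' }
    if ("$($New.Status)" -ne 'Valid')        { $problems += "status is '$($New.Status)', expected 'Valid'" }
    if (-not $New.HasPrivateKey)             { $problems += 'no private key on this server' }
    if ($New.NotAfter -le $Old.NotAfter)     { $problems += 'does not expire later than the old certificate' }
    # Every name the old certificate covered should still be covered.
    $newNames = @($New.CertificateDomains | ForEach-Object { "$_" })
    $missing  = @($Old.CertificateDomains | ForEach-Object { "$_" } | Where-Object { $_ -notin $newNames })
    if ($missing.Count) { $problems += "missing names: $($missing -join ', ')" }
    $problems
}

# 3. Enable the new certificate only if every check passes.
$old = Get-ExchangeCertificate -Server $Server -Thumbprint 'DD75CDAE12EC115750C5783D9AA17046606EEFB8'
$new = Get-ExchangeCertificate -Server $Server -Thumbprint '<NewCertificateThumbprint>'   # placeholder
$issues = @(Test-RenewedCertificate -Old $old -New $new)
if ($issues.Count) {
    $issues | ForEach-Object { Write-Warning "New certificate: $_" }
} else {
    # Same services as the article; -Force is left out here so the prompt
    # about replacing the default SMTP certificate is still shown.
    Enable-ExchangeCertificate -Server $Server -Thumbprint $new.Thumbprint -Services SMTP,IMAP,IIS
    Get-ExchangeCertificate -Server $Server -Thumbprint $new.Thumbprint |
        Format-List Thumbprint, Services, NotAfter
}
```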