Exchange/Outlook: A security certificate has expired or is not yet valid

A self-signed Microsoft Exchange 2007 Security Certificate is valid for a period of one year. After this period you’re required to re-issue a new certificate. This can be done using EMS (Exchange Management Shell) and the New-ExchangeCertificate CommandLet (cmdlet).

If you do not update or reissue the certificate, Outlook will display a Security Warning on the user's display (this one's in German).

Outlook_SecurityWarning Certificate not valid


Step-by-step (quick tutorial):

  1. Open an EMS (Exchange Management Shell). On Windows 2008 Server you should do this 'elevated' / run as admin.
  2. Check your existing Exchange Certificate using the Get-ExchangeCertificate cmdlet.

    Get-ExchangeCertificate


  3. Check the values 'NotAfter' and 'NotBefore'. These values show you the validity period for the certificate. Note down the value 'Thumbprint': this value identifies the certificate. We need that value in a later step.
  4. Now create a new Exchange Certificate using the New-ExchangeCertificate cmdlet.

    New-ExchangeCertificate


  5. Now you have to enable the newly generated certificate using the 'Enable-ExchangeCertificate' cmdlet. To do this, you need to specify the Thumbprint of the new certificate and the desired Services. In this illustration we enable the certificate for IMAP, POP, IIS and SMTP.

    Enable-ExchangeCertificate


  6. Now it's time to clean up. Using Remove-ExchangeCertificate you can remove the old and expired Exchange Certificate. As mentioned in Step 2 / 3, you now need the Thumbprint value of the old certificate to successfully execute this cmdlet.

    Remove-ExchangeCertificate
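
The six steps above as one script for an elevated Exchange Management Shell. This is an added example, not part of the original post; the 30-day threshold, the rule for picking which certificate to replace, and the variable names are assumptions. It only removes the old certificate after confirming the new one is currently valid.

```powershell
# Added example. Run in an elevated Exchange Management Shell on the Exchange 2007 server.
# Assumptions: $warnDays and the "self-signed, closest to expiry" selection rule are illustrative.
$warnDays = 30
$services = 'IMAP, POP, IIS, SMTP'   # the services named in step 5

# Steps 2-3: list self-signed certificates that are expired or expire within $warnDays.
$old = Get-ExchangeCertificate |
    Where-Object { $_.IsSelfSigned -and $_.NotAfter -lt (Get-Date).AddDays($warnDays) } |
    Sort-Object NotAfter |
    Select-Object -First 1

if (-not $old) {
    Write-Host 'No self-signed certificate is expired or close to expiry.'
    return
}
$old | Format-List Thumbprint, Subject, Services, NotBefore, NotAfter

# Step 4: create the replacement. Piping the old certificate into
# New-ExchangeCertificate reuses its subject and domain names.
# The cmdlet may ask for confirmation before replacing the default SMTP certificate.
$new = Get-ExchangeCertificate -Thumbprint $old.Thumbprint | New-ExchangeCertificate

# Step 5: bind the new certificate to the services.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $services

# Check before cleaning up: the new certificate must be a different one and valid right now.
$check = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
$now   = Get-Date
$valid = ($check.Thumbprint -ne $old.Thumbprint) -and
         ($check.NotBefore -le $now) -and ($check.NotAfter -gt $now)

if ($valid) {
    # Step 6: remove the old certificate by its thumbprint.
    Remove-ExchangeCertificate -Thumbprint $old.Thumbprint
    $check | Format-List Thumbprint, Services, NotBefore, NotAfter
} else {
    Write-Warning "New certificate failed the validity check; old certificate $($old.Thumbprint) was kept."
}
```

A 'NotBefore' in the future usually points to a wrong server clock, which produces the "not yet valid" half of the Outlook warning.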


Other cmdlets that relate to this issue are:

Import-ExchangeCertificate
Export-ExchangeCertificate

Now you’re done. If you have any suggestions, corrections or additions, feel free to write a comment.

One thought on “Exchange/Outlook: A security certificate has expired or is not yet valid”

  1. Thank you for this article. It saved me a lot of digging through Microsoft documentation. It was very ready to do and only took me a few minutes. You would think you could modify the date range to more than one year. Let me know if you have a quick fix for that too. Thanks again!
