Exchange/Outlook: A security certificate has expired or is not yet valid

A self-signed Microsoft Exchange 2007 Security Certificate is valid for a period of one year. After this period you’re required to re-issue a new certificate. This can be done using EMS (Exchange Management Shell) and the New-ExchangeCertificate CommandLet (cmdlet).

If you do not update / reissue the certificate, Outlook will complain about this issue displaying a Security Warning on the users display (this one’s in German).

Outlook_SecurityWarning Certificate not valid

Outlook_SecurityWarning Certificate not valid

Step-by-step (quick tutorial):

  1. Open a EMS (Exchange Management Shell). On Windows 2008 Server you should do this ‘elevated’ / run as admin.
  2. Check your existing Exchange Certificate using Get-ExchangeCertificate cmdlet

    Get-ExchangeCertificate

    Get-ExchangeCertificate

  3. Check the values ‘NotAfter’ and ‘NotBefore’. These values show you the validity period for the certificate. Note down the value ‘Thumbprint’ – this value identifies the certificate. We need that value a later step.
  4. Now create a new Exchange Certificate using the New-ExchangeCertificate cmdlet.

    New-ExchangeCertificate

    New-ExchangeCertificate

  5. Now you have to enable the new generated certificate using ‘Enable-ExchangeCertificate’ cmdlet. To do this, you need to specify the ThumbPrint of the certificate and the desired Services. In this illustration we enable the certificate for IMAP, POP, IIS and SMTP.

    Enable-ExchangeCertificate

    Enable-ExchangeCertificate

  6. Now it’s time to clean up. Using Remove-ExchangeCertificate you can remove the old and expired Exchange Certificate. As mentioned in Step 2 / 3 you now need the ThumbPrint value of the old certificate to successfully execute this cmdlet

    Remove-ExchangeCertificate

    Remove-ExchangeCertificate

Other cmdlets that relate to this issue are:

Import-ExchangeCertificate
Export-ExchangeCertificate

Now you’re done. If you have any suggestions, corrections or additions, feel free to write a comment.