Importing and Enabling Certificates in Exchange 2007

I recently renewed the Unified Communications Certificate on our Exchange 2007 server, well, a couple of months back. Anyway, today we started having a few issues with mails not sending via secure SMTP, and today was roughly when the previous certificate was due to expire. The webmail site was still working and looking at the certificate in the browser showed the correct certificate. After some research it turned out that the different services (IMAP, POP, UM, IIS, SMTP) were using different certificates.

This was all fixed via the Exchange Management Shell, and these are the commands that I used:

List all the certificates for the Domain:
Get-ExchangeCertificate -DomainName my.domain.dom

List all the certificates on the box:
Get-ExchangeCertificate

List all the certificates on the box in detail, and wait after each page:
Get-ExchangeCertificate | Format-List * | More

Take note of the Thumbprint of the most recent certificate, and the one you want to use, as you will need this later.

As I already had imported the certificate that I wanted to use I could simply enable it for SMTP. If you haven’t imported it, you need to run this command first:

Import-ExchangeCertificate -Path c:\mydomain.cer

Then, once imported, you can enable it for the various services by listing the service names in quotes, separated by commas, at the end of the command:

Enable-ExchangeCertificate -Thumbprint [paste thumbprint here] -Services "SMTP, IMAP, POP, IIS"

Once this command had run, secure SMTP started working again, and everybody in the office lived happily ever after, the end.
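
A check for the failure described in this post, where a service is still bound to an older certificate that is about to expire. This is an added example, not part of the original post; the function name Find-ExpiringServiceCertificate, the 30-day threshold and the sample objects are assumptions, and it needs PowerShell 2.0 or later.

```powershell
# Added example (not from the original post).
# Reads certificate objects from the pipeline and returns those that are
# assigned to at least one Exchange service and expire within $WarnDays days.
# Certificates that have already expired are returned with a negative DaysLeft.
function Find-ExpiringServiceCertificate {
    param(
        [int]$WarnDays = 30,          # assumed threshold, adjust to your renewal lead time
        [datetime]$Now = (Get-Date)
    )
    process {
        $cert = $_

        # Services renders as a comma-separated list such as "IMAP, POP, IIS, SMTP".
        # "None" means no service is using the certificate, so it cannot cause an outage.
        $services = "$($cert.Services)"
        if ($services -eq '' -or $services -eq 'None') { return }

        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
        if ($daysLeft -le $WarnDays) {
            $cert | Select-Object Thumbprint, Services, NotAfter,
                @{ Name = 'DaysLeft'; Expression = { $daysLeft } }
        }
    }
}

# On the Exchange server, in the Exchange Management Shell:
#   Get-ExchangeCertificate | Find-ExpiringServiceCertificate -WarnDays 30

# Constructed sample objects (not real certificates) so the function can be tried offline.
$now = [datetime]'2011-06-01'
$sample = @(
    # Old certificate, still bound to SMTP, expiring in a few days: should be reported.
    New-Object PSObject -Property @{
        Thumbprint = 'SAMPLE-OLD-CERT'; Services = 'SMTP'; NotAfter = [datetime]'2011-06-05' }
    # Renewed certificate bound to the other services: should not be reported.
    New-Object PSObject -Property @{
        Thumbprint = 'SAMPLE-NEW-CERT'; Services = 'IMAP, POP, IIS'; NotAfter = [datetime]'2012-04-01' }
    # Expired certificate that no service uses: should not be reported.
    New-Object PSObject -Property @{
        Thumbprint = 'SAMPLE-UNUSED-CERT'; Services = 'None'; NotAfter = [datetime]'2010-01-01' }
)

$sample | Find-ExpiringServiceCertificate -WarnDays 30 -Now $now | Format-Table -AutoSize
```

Any thumbprint it reports is one whose services should be moved to the renewed certificate with Enable-ExchangeCertificate before the NotAfter date.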