Replace Wildcard SSL Cert with renewed one

Article
2020-06-19

Question

_{Friday, June 19, 2020 2:10 PM}

Using a Wildcard SSL Cert for several services in our onsite Exchange 2016 server. Prior to expiration, our manager went through the renewal process for the cert and provided us with the PFX, Wildcard X509, intermediate and root certificates. I imported the new wildcard cert through the EAC "Import Exchange Certificate" option and I received an error that "a certificate with the thumbprint already exists". Ok, I get it, as this imported certificate is just an updated version of the existing cert. I can see the new cert in MMC and it looks identical to the existing, except for the extend expiration date. What is the best way to apply this updated certificate? Should I simply delete the existing one through MMC, then refresh the EAC view hoping the new one will appear as an option under the new friendly name? Or should I delete the new certificate from MMC and go through the Renew process in EAC and not submitting the CSR but immediately go to the Complete section and import the already supplied certificate?

All replies (3)

_{Monday, June 22, 2020 8:11 AM}

>> I imported the new wildcard cert through the EAC "Import Exchange Certificate" option and I received an error that "a certificate with the thumbprint already exists".

By this, do you mean you directly clicked the “Import Exchange Certificate button” to import the new cert?

Generally, steps involved for renewing an SSL cert are as follows:

Generating the renewal CSR, see Renew an Exchange Server certificate.
Submitting the CSR to the CA.
Installing the certificate that the CA provides to you.

So if you haven’t taken the above steps, it’s suggested to delete the new imported cert, then start by creating a renewal CSR. For more detailed instructions, you may refer to the article below:
Renewing an SSL Certificate for Exchange Server 2013
（Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.）

Regards,

Yuki Sun

Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Monday, June 22, 2020 12:36 PM}

We are currently using a wildcard cert for our Exchange servers and several other servers. Our manager has already gone through the process of submitting the CSR from another server and has received the updated wildcard certificate. I need to know how to apply this new wildcard to our Exchange servers, replacing the current wildcard. From some digging around, I think I'm going to have to remove the current wildcard cert from EAC, delete it from the server, then import this new wildcard cert and re-assign services to it. Basically, treat it as a completely different certificate, even though it is just an update of the existing wildcard cert.

_{Tuesday, June 23, 2020 9:52 AM}

We are currently using a wildcard cert for our Exchange servers and several other servers. Our manager has already gone through the process of submitting the CSR from another server and has received the updated wildcard certificate. I need to know how to apply this new wildcard to our Exchange servers, replacing the current wildcard. From some digging around, I think I'm going to have to remove the current wildcard cert from EAC, delete it from the server, then import this new wildcard cert and re-assign services to it. Basically, treat it as a completely different certificate, even though it is just an update of the existing wildcard cert.

Hi,

Thanks for your clarification. As the CSR process has been completed from another server, then agree with you that you can delete the old cert first, then import the new valid certificate and re-assign the services.
Import or install a certificate on an Exchange server
Assign certificates to Exchange Server services