We have been using an Exchange 2010 mail server for a year now. Today the certificates used in Exchange, as well as those of Forefront TMG, expired.
We had the following certificate chain: the Root CA issued the sub CA a certificate, which has expired today as well.
The SubCA issued a whole bunch of certificates (in the issued list), but from what I understand, the main ones are the OCSP and CA certificates.
I have access to all servers in play for mail flow: RootCA, SubCA, Exchange, Forefront.
What is the outline of actions I need to take to get the mail running again?
Thank you.
Best Answer
I ended up figuring out the solution myself.
The steps I needed to take are:
Renew the OCSP certificate for the OCSP Responders to work properly
certutil -setreg ca\UseDefinedCACertInRequest 1
Renew the Exchange server certificate by:
a) Create a renewal request on the expired certificate in EMC. Result -> *.req file.
b) Copy the req file to the SubCA.
c) Run the following command on the SubCA
Result -> *.cer file generated.
d) Copy the cer file to the EMC computer and use it to finish the new certificate enrollment request.
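
A read-only check for after the renewal, added here as an example and not part of the original answer: for each certificate in the local machine's Personal store it builds the chain and reports which element (leaf, SubCA or RootCA) expires first, since in this case the sub CA certificate expired on the same day as the server certificates. The function name `Get-ChainExpiry` and the 60-day warning window are assumptions.

```powershell
# Added example (not from the original answer). Read-only: it changes nothing.
function Get-ChainExpiry {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$WarnDays = 60   # assumed warning window
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Validity dates only: skip revocation lookups, the OCSP responder may be down.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $null = $chain.Build($Certificate)

    # Elements run leaf -> issuing CA -> root. If the chain cannot be built,
    # the collection still contains the leaf, so $first is never empty.
    $first = $chain.ChainElements |
        ForEach-Object { $_.Certificate } |
        Sort-Object NotAfter |
        Select-Object -First 1

    $daysLeft = [int][math]::Floor(($first.NotAfter - (Get-Date)).TotalDays)
    if ($daysLeft -lt 0)              { $status = 'EXPIRED' }
    elseif ($daysLeft -le $WarnDays)  { $status = 'RENEW' }
    else                              { $status = 'OK' }

    # Chain status flags from Windows, e.g. NotTimeValid or PartialChain.
    $flags = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    New-Object PSObject -Property @{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        ChainLength   = $chain.ChainElements.Count
        FirstToExpire = $first.Subject
        ExpiresOn     = $first.NotAfter
        DaysLeft      = $daysLeft
        Status        = $status
        ChainFlags    = $flags
    }
}

# Run on the Exchange and TMG servers; worst cases are listed first.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Get-ChainExpiry -Certificate $_ } |
    Sort-Object DaysLeft |
    Select-Object Status, DaysLeft, ExpiresOn, FirstToExpire, Subject, ChainFlags |
    Format-Table -AutoSize
```

A row whose `FirstToExpire` is the SubCA rather than the server certificate means the CA certificate has to be renewed before the certificates issued under it.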