In Microsoft Exchange on-prem, there is an internal certificate that is bound to the back-end web site. This certificate is self-signed and valid for 5 years. It is called
Micorosoft Exchange
The subject of the certificate is the server name itself. Find below the procedure to renew this certificate. It does not matter if the certificate is already expired or still valid.
Start the Exchange Management Shell
Get the thumbprint of the current certificate:
Get-ExchangeCertificate | where {$_.FriendlyName -like "Microsoft Exchange"} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,NotBefore,NotAfterCreate the new Exchange Certificate, by using the thumbprint you got from the step before:
Get-ExchangeCertificate -Thumbprint "C52645622195BA8AB837962923764B3F767466AE" | New-ExchangeCertificate -Force -PrivateKeyExportable $falseCopy the certificate to the Trusted Root Certification Authorities store, so it is trusted on the server (by using certlm.msc).
In IIS Manager, make sure that the new certificate is bound to the Backend and the third-party certificate is bound to the Default web site.
From EAC remove the old "Microsoft Exchange" certificate
From certlm.msc, under Trusted Root Certification Authorities, remove the old certificate
This is it. You should now be good for the next 5 years.
There is another self-signed Exchange certificate. If you need to renew that one, use this procedure: