Outlook: Expired Security Certificate
NB. This article is intended for a highly technical audience.
Outlook prompts: "The Security certificate has Expired or is not yet valid." This occurs when the default certificate created by Exchange 2007 expires (by default, a year after it was created). It can be resolved by creating a new certificate from an elevated Exchange Management Shell.
- First, determine a list of the certificates in use:
- Next, determine which one has expired:
Get-ExchangeCertificate | select-object Thumbprint, NotAfter
(The Thumbprint shown will not be the full thumbprint due to column formatting.)
Note the Subject of the expired certificate from the first command, e.g. CN=remote.domain.com
- Create a new certificate:
new-exchangecertificate -SubjectName CN=remote.domain.com -services:IIS,SMTP,POP,IMAP
(Answer Y when prompted.)
- Delete the expired certificate(s):
remove-exchangecertificate -thumbprint <thumbprint from step 1>
Note: if you operate Outlook Web Access or Outlook Anywhere on a binding other than the default on port 443, you may need to assign the new certificate to that binding in Internet Information Services.
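
The procedure above as a single pre-removal check, added here as an example and not part of the original article: it lists every certificate with its full thumbprint, then for each expired one confirms that a currently valid certificate with the same Subject exists before removal. It assumes an elevated Exchange Management Shell and relies only on the standard certificate properties (Subject, Thumbprint, Services, NotBefore, NotAfter); the variable names are illustrative.

```powershell
# Added example: run in an elevated Exchange Management Shell.
$now   = Get-Date
$certs = @(Get-ExchangeCertificate)

# Format-List prints one property per line, so the thumbprint is not
# clipped by column formatting.
$certs | Sort-Object NotAfter |
    Format-List Subject, Thumbprint, Services, NotBefore, NotAfter

# Expired certificates: validity period ended before the current time.
$expired = @($certs | Where-Object { $_.NotAfter -lt $now })

foreach ($old in $expired) {
    # A replacement is a certificate with the same Subject that is valid
    # right now (already started, not yet ended). Checking NotBefore also
    # catches the "not yet valid" half of the Outlook prompt.
    $replacement = @($certs | Where-Object {
        $_.Subject -eq $old.Subject -and
        $_.NotBefore -le $now -and
        $_.NotAfter -gt $now
    })

    if ($replacement.Count -eq 0) {
        Write-Warning ("Expired: {0} [{1}] has no valid replacement; create one before removing it." -f $old.Subject, $old.Thumbprint)
        continue
    }

    Write-Host ("Expired: {0} [{1}]" -f $old.Subject, $old.Thumbprint)
    Write-Host ("  Replacement: {0} (services: {1}, valid until {2})" -f $replacement[0].Thumbprint, $replacement[0].Services, $replacement[0].NotAfter)

    # -WhatIf only reports what would be removed. Remove the switch to
    # actually delete the expired certificate.
    Remove-ExchangeCertificate -Thumbprint $old.Thumbprint -WhatIf
}
```

Compare the Services value reported for the replacement with the services you requested when creating it before dropping -WhatIf.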