In this post, I'll go over the steps and describe the process of renewing a certificate on an Exchange 2013 client access server.
This post assumes the following:
1. You're running Exchange 2013
2. You have an on-premise certificate authority (In this example, a Microsoft CA).
On to the work...
1. You do NOT want to use the built-in certificate renewal process found in Exchange 2013's ECP. This will only renew against the certificate against the server's own local CA!
Log on to the Exchange 2013 CAS.
Open a Run command, and type: mmc
Add the Certificate snap-in within this mmc for the local computer.
Under the Personal store, you will find the certificate that we need to renew.
Right-click the certificate, under All Tasks, select Renew Certificate with New Key.
The dialog shown next will walk you through renewing the certificate, all data for the certificate should be present since we are just renewing an existing certificate.
Once you finish the steps in this dialog, you're all done!
In some circumstances, you may run in to an issue that you do not have permissions to renew the certificate. In this case, you must logon to your CA server and add the appropriate group/computer account(s) for requesting and enrolling certificates for a given template. In this case again, you will want to add the computer account of the Exchange server since this object is requesting against your CA.
