Windows EBS Certificate Services server role is installed on the Management Server. To renew the self signed certificates for the Security Server (TMG), and the Messaging Server (Exchange 2007), you need to use the Update Certificates Wizard installed on the Management Server. Certificates that are issued by Windows EBS Certificate Services, are typically valid for two years. It is important that they are renewed before the expiration date.

The Update Certificates Wizard is used to renew the following certificates:

• Messaging Server: This certificate is used for SSL connections to Internet Information Services (IIS) websites, such as Outlook Web Access and Outlook Anywhere.

• Security Server: This certificate is used by Forefront TMG to publish the Terminal Services Gateway and SSL websites in your network.

To Renew Messaging Server (Exchange 2007) Self Signed SSL Certificate, launch “the update Certificates “Wizard:

• Click Start, point to All Programs, click Windows Essential Business Server, click Tools, and then click Update Certificates.
• On User-Account Details section, enter the User Credentials (domain administrator).
• On the Choose Certificates section, Choose “Messaging Server Certificate”, you will notice that the existing SSL details are displayed on this section.
• Then Click update. Then Finish.

Please note that renewing the Messaging Server (Exchange 2007) self signed certificate directly from IIS running on Exchange server might not work. It is very important that the Update Certificates Wizard is used.