SMTP certificate renewal and EDGE subscription

1. Import new certificate
To import the certificate into the local certificate store, run:

2. Connect pending request to certificate
If step 1 failed to connect the certificate to its pending request inside the certificate store, run:

3. Enable new Exchange certificate for SMTP service
Before the certificate can be used, it must be enabled for the particular services.


4. Restart transport service and AD LDS service
At this point e-mail stops flowing to this EDGE server, because AD LDS is using the new certificate while the Edge server is still subscribed with the old one.

5. Create subscription file (XML) on Edge server and copy it to HUB server
We don't need to create connectors for the EDGE Subscription, since those are already created. The EDGE server must be subscribed to the AD site within 24 hours after the subscription file is created.


6. Subscribe EDGE server on HUB using the subscription file (XML)
We need to re-create the trusted connection between the Edge server and the HUB servers. The subscription needs to be re-created, because AD LDS needs to use the new certificate instead of the old one. It is enough to subscribe each EDGE server once per subscription.

7. Restart EDGE server
Just to be sure all settings are applied before tests.

8. Test Edge Subscription
If the test is not successful, you receive an error.

Successful result:

9. Test mailflow

10. To start Edge synchronisation manually
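
The procedure in steps 1 to 10, as an added example for the Exchange Management Shell (this is not the author's original command listing). It assumes Exchange 2010 cmdlet syntax; the file paths, the AD site name and the certificate serial number are placeholders to replace.

```powershell
# Added example. All values in this block are placeholders (assumptions).
$CertFile = 'C:\certs\edge-smtp.p7b'       # hypothetical path to the issued certificate
$SubFile  = 'C:\EdgeSubscription.xml'      # hypothetical path of the subscription file
$SiteName = 'Default-First-Site-Name'      # hypothetical AD site name

# ---------- On the Edge server ----------
# Step 1: import the certificate into the local computer store.
$bytes = [byte[]](Get-Content -Path $CertFile -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes

# Step 2 (only if the import did not bind to the pending request):
# certutil -repairstore my "<certificate serial number>"

# Check before enabling: a certificate without its private key or already
# expired cannot secure SMTP, so stop here instead of breaking mail flow.
$cert = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
if (-not $cert.HasPrivateKey) { throw "No private key for $($cert.Thumbprint)" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

# Step 3: enable the certificate for the SMTP service.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP

# Step 4: restart the transport service and the AD LDS instance.
Restart-Service MSExchangeTransport
Restart-Service ADAM_MSExchange -Force

# Step 5: create the subscription file, then copy it to the HUB server.
New-EdgeSubscription -FileName $SubFile

# ---------- On the HUB server ----------
# Step 6: subscribe the Edge server to the AD site from the copied file.
$subData = [byte[]](Get-Content -Path $SubFile -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $subData -Site $SiteName

# The subscription file holds the credentials used for the LDAP connection
# to AD LDS; delete every copy once the import has succeeded.
Remove-Item -Path $SubFile

# Step 7 (on the Edge server): Restart-Computer

# Step 8: test the Edge Subscription and show the result per Edge server.
Test-EdgeSynchronization | Format-List Name, SyncStatus, UtcNow, CredentialRecords

# Step 9 (on the Edge server): one way to check mail flow is the queue state.
# Get-Queue | Format-Table Identity, Status, MessageCount, LastError

# Step 10: start Edge synchronisation manually.
Start-EdgeSynchronization
```

Run the Edge and HUB sections on their respective servers; the block is not meant to be executed as one script on a single machine.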


TechNet Link:




Published by

Tomasz Chlebek

IT Architect with over 20 years experience.