Every year of use of an Exchange 2007 CAS server, you need to renew the self signed certificate... Here is an article explaining how to do it : Exchange Server 2007 issues itself a self-signed certificate for use with services like SMTP, IMAP, POP, IIS and UM. The certificate is issued for a period of one year. The self-signed certificate meets an important need - securing communication for Exchange services by default. Nevertheless, one should treat these self-signed certificates as temporary. It's not recommended to use these for any client communication on an ongoing basis. For most deployments, you will end up procuring a certificate from a trusted 3rd-party CA (or perhaps an internal CA in organizations with PKI deployed). However, should you decide to leave the self-signed certificate(s) on some servers and continue to use them, these need to be renewed - just as you would renew certificates from 3rd-party or in-house CAs. To renew the certificate for server e12postcard.e12labs.com, a server with CAS and HT roles installed: Get-ExchangeCertificate -domain "e12postcard.e12labs.com" | fl Note the services the certificate is enabled for (by default: POP, IMAP, IIS, SMTP on CAS + HT servers). Copy the thumbprint of the certificate. Get a new certificate with a new expiration date: Get-ExchangeCertificate -thumbprint "C5DD5B60949267AD624618D8492C4C5281FDD10F" | New-ExchangeCertificate The end of the how to is on : http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html