Robert published a HOW TO articel on his blog a while ago on how to renew the EBS Exchange servers SSL Certifikates for the CAS role:
We needed a new certificate on our Exchange 2007 CAS server including the autodiscover prefixes in the SAN, so I wanted to submit a new request to our internal CA.
The process was as follows:
1) Use the Digicert tool https://www.digicert.com/easy-csr/exchange2007.htm to quickly get the command line required including the SANs
2) Enter the command line (New-ExchangeCertificate) on to the exchange server (in our case our EBS messaging server)
3) Submit the created request file to our internal CA (EBS Management Server). This is where the problem arose - when trying to process the request from the certification authority MMC, I got an error 0x80094801 - the request contains no certificate template information.
The solution is to use certreq.exe with the following paramaters to specify the template to be used:
certreq -submit -attrib "CertificateTemplate:WebServer" request.txt
4) Process the pending request on the messaging server using IIS
5) Use Get-ExchangeCertificate to list the available certificates
6) Copy the thumbprint from the output of 5) and use Enable-ExchangeCertificate to enable the new cert for the web services.
Enable-ExchangeCertificate -Thumbprint THUMBPRINT -Services IIS
And we should be good to go!