How to Update Expired SSL Certificates on the Office 365 Application Endpoint Host

This section describes how to update expired SSL certificates on the Office 365 Application Endpoint Host.

To update an expired Office 365 Gateway site SSL certificate, perform the following actions:

  1. Log on to the Office 365 Application Endpoint Host as an administrator.
  2. Prepare a new site SSL certificate with the same hostname as in the expired site SSL certificate.
  3. Place the new site SSL certificate on the host.

  4. Import the new site SSL certificate.

    Open the Microsoft Management Console (MMC) and add the Certificates snap-in:

    1. In the top menu, go to File > Add/Remove Snap-in.
    2. Select the Certificates snap-in and click Add.
    3. Select the Computer account option and click Next.
    4. Select the Local computer option and click Finish.
    5. Click OK.

    Go to the Personal folder and choose the All Tasks > Import... command in the right-click pop-up menu. Follow the Certificate Import Wizard instructions to import the new site SSL certificate.

  5. Go to the Personal > Certificates folder and remove the expired site SSL certificate.
  6. Go to the Personal > Certificates folder. Right-click the new site SSL certificate and choose the All Tasks > Manage Private Keys... command in the pop-up menu.
  7. Add the IIS AppPool\<Office 365 application endpoint site name in IIS Manager console> Application Pool Identity Account to the list using the Add... button.
  8. Select the added Application Pool Identity Account and grant the Read permission by selecting the respective checkbox in the permissions list.
  9. Open the IIS Manager console.
  10. Go to Sites > <your_site>, click Bindings in the right area.
  11. Select the https binding and click Edit.
  12. Make sure the new site SSL certificate is selected in the SSL certificate field.
  13. Click OK. Then, click Close.

© 2021 Ingram Micro, Inc. All Rights Reserved. Privacy Policy, Terms of Use and Legal