Exchange 2013 Cumulative Update CU 18 Fails – Certificate

When trying to install Exchange 2013 Cumulative Update 18 or others, update terminates with the following error:

The following error was generated when “$error.Clear();
Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
Install-AuthCertificate -DomainController $RoleDomainController
” was run: “System.Security.Cryptography.CryptographicException: The certificate is expired.
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.


This occurs when you have an expired SSL Certificate.

Open Manage Computer Certificates (you can search for it), under Personal and under Trusted Root Certification Authorities, look for any certificate that you might have installed in the past and that has expired.  You can sort by expiration date to easily find it.  Delete that certificate.

Go back and try to install the Cumulative Update again and I will restart from the stage at which it terminated.

After done and when you open the exchange Admin Center, it might open a blank page, go to IIS and make sure the frontend and backend sites are bound to an SSL certificate