If the "Microsoft Exchange Server Auth Certificate" certificate isn't present on Exchange servers in the organization, follow these steps to create and deploy a new OAuth certificate to the Exchange server:
Create a new OAuth certificate by running the following command:
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "contoso.com"
Note: Change the value of the DomainName parameter in the example (contoso.com) to the SMTP domain that's used in your organization.
Set the created certificate to be used for server authentication by running the following commands:
Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
Restart the Microsoft Exchange Service Host Service.
Either run the IISReset command to restart IIS or run the following commands (in elevated mode) to recycle OWA and ECP Application pools:
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool
Note: In some environments, it may take an hour for the OAuth certificate to be published.
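To confirm the result of the steps above, the following added example (not part of the original article or Microsoft's own code) checks that the thumbprint in the auth configuration matches a certificate that is present, has its private key, and is not close to expiry on each server. The function name Test-AuthCertificate, the 30-day threshold, and the server names EX01 and EX02 are assumptions for illustration.

```powershell
# Added example (hypothetical helper). Run in the Exchange Management Shell.
function Test-AuthCertificate {
    param(
        [string[]]$Server = @($env:COMPUTERNAME),
        [int]$WarnDays = 30   # assumed warning threshold, adjust as needed
    )

    # Thumbprint the organization's auth configuration currently points at
    $thumb = (Get-AuthConfig).CurrentCertificateThumbprint

    foreach ($name in $Server) {
        $cert = $null
        if ($thumb) {
            # A missing certificate is reported in the result, not thrown
            $cert = Get-ExchangeCertificate -Server $name -Thumbprint $thumb -ErrorAction SilentlyContinue
        }

        # Whole days until the certificate expires (negative if already expired)
        $daysLeft = if ($cert) { [int]($cert.NotAfter - (Get-Date)).TotalDays } else { $null }

        [pscustomobject]@{
            Server        = $name
            Thumbprint    = $thumb
            Present       = [bool]$cert
            HasPrivateKey = if ($cert) { $cert.HasPrivateKey } else { $false }
            DaysLeft      = $daysLeft
            Healthy       = [bool]($cert -and $cert.HasPrivateKey -and $daysLeft -gt $WarnDays)
        }
    }
}

# Example call with constructed server names
Test-AuthCertificate -Server 'EX01', 'EX02' | Format-Table -AutoSize
```

A server that shows Present as False shortly after the change may simply not have received the published certificate yet; rerun the check after the publication delay noted above.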