The following powershell can be used to renew an exchange certificate using the enterprise CA:
$caserver="_certauthorityservername_"
$casservers=@("cas1","cas2","cas3")
$workpath="\\fileserver\c$\path\"
$orgunit="IT"
$org="_CompanyName_"
$loc="_City_"
$state="_State_"
$country="_2LetterCountryCode_"
$services="IMAP,POP,IIS,SMTP"
$year=get-date -Format yyyy
$domain=(Get-WmiObject Win32_ComputerSystem).Domain
$CA=($domain.Split(".")[0]) + "-${caserver}-CA"
foreach ($server in $casservers) {
New-ExchangeCertificate -GenerateRequest -RequestFile "${workpath}${server}-${year}.req" -SubjectName "CN=${server}.${domain}, OU=${orgunit}, O=${org}, L=${loc}, S=${state}, C=${country}" -DomainName ${server}.${domain} -Server ${server}
certreq -submit -config "${caserver}.${domain}\${CA}" -attrib "CertificateTemplate:WebServer" "${workpath}${server}-${year}.req" "${workpath}${server}-${year}.cer"
$cert=Import-ExchangeCertificate -Server ${server} -FileName "${workpath}${server}-${year}.cer" -FriendlyName "${server}-${year}"
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services $services -Server $server -Force
}