Exchange Server 2019 and ECC certificates (Elliptic Curve Cryptography)

Since the Exchange Server April 2024 Hotfix Update, Exchange Server 2019 also supports ECC (Elliptic Curve Cryptography) certificates. However, there are a few things to bear in mind when using ECC certificates. In the following article, we take a look at what you need to consider. What are ECC certificates? ECC certificates (Elliptic Curve Cryptography) are certificates that are based on ...

Windows certification authority: Changing the validity of the revocation list

The validity of certificates can be checked either via OCSP (Online Certificate Status Protocol) or classically via a certificate revocation list (CRL). The base revocation list of a Microsoft Windows certification authority is valid for 7 days by default. In some cases, this is too long, as clients may still treat a certificate as valid after it has been revoked.

HowTo: Installing and configuring OCSP on Windows Server 2022 (online responder)

This short HowTo is about the configuration of OCSP (Online Certificate Status Protocol) or the "Online Responder" role on Windows Server 2022. OCSP (Online Certificate Status Protocol) is a protocol that is used within the PKI. It enables the status of certificates to be checked in real time. Instead of checking the validity of certificates in long revocation lists (Certificate Revocation ...

Internal ACME certification authority for the automation of certificates

Most people will know Let's Encrypt as a free and open certification authority. Let's Encrypt uses the ACME (Automatic Certificate Management Environment) protocol to issue valid certificates for all kinds of services and systems with minimal administrative effort. Let's Encrypt is particularly suitable for all systems and services that are publicly accessible, as the issuing process for ...

Exchange Extended Protection and HAProxy

A reader, who wishes to remain anonymous, has kindly sent me his scripts and configuration for Let's Encrypt, HAProxy and Exchange 2019 in conjunction with Extended Protection so that I can publish them here. First of all, I would like to thank you very much, because I think this configuration (HAProxy as a reverse proxy for Exchange, certificates via Let's ...

Windows PKI: Automatically roll out certificates for RDP connections

By default, Windows servers use self-signed certificates for the RDP connection. The self-signed certificates then cause a certificate warning when the RDP connection to a Windows server is established. This warning can be avoided by automatically rolling out certificates from a Windows certification authority on the servers and renewing them if necessary. The installation ...

WIN-ACME: Installation of an Exchange CU fails

On an Exchange 2016 server that had configured its certificate from Let's Encrypt with the WIN-ACME client, the installation of a CU was aborted with an error at step 16 of 18. Here is the full text of the error message: Error: The following error was generated when "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController if ($RoleIsDatacenter ...