Microsoft Exchange and Active Directory Blog
Vor längerer Zeit habe ich den Exchange Certificate Assistant zum letzten Mal aktualisiert. Das Script verwendet POSH-ACME als Client um Let’s Encrypt Zertifikate automatisch anzufordern, jedoch kommt es mit dem Script immer mal wieder zu Problemen. Da es mittlerweile aber eine deutliche bessere Variante, welche ebenfalls Unterstützung für Exchange Server (und weitere Services) gibt, werde … Read more
Ursprünglich hatte ich den Plan aufgegeben noch ein Whitepaper zum Thema “Exchange und Zertifikate” zu schreiben. Jedoch scheint es noch sehr häufig Probleme bei der Konfiguration der Zertifikate in Verbindung mit Exchange Servern zu geben. Ein paar Artikel und Scripte gibt es hier ja bereits, jetzt folgt also doch noch ein umfangreiches Whitepaper zum Thema … Read more
In January of this year, I reported on free S/MIME certificates from WISeID. Unfortunately, I have since discovered that newly requested certificates from this CA are no longer considered trustworthy. I noticed this when I requested a new 1-year certificate from WISeID. The CA still issues the certificates, but ... Read more
I have already reported several times about the possibility of obtaining free S/MIME certificates for signing and encrypting emails. There are now only a few providers that still offer free certificates. Some of the providers mentioned in the previous articles either do not issue certificates at all or only issue certificates with a 90-day validity period. All 90 ... Read more
I have just uploaded a new version of the Exchange Certificate Assistant. The old version still uses the Let's Encrypt protocol ACMEv1, which is no longer supported by Let's Encrypt. The new version 3 of the Certificate Assistant now uses the PowerShell module Posh-ACME to automatically request certificates for Exchange Server via Let's Encrypt. Posh-ACME is ACMEv2 ... Read more
In this article, I already described how the Sophos UTM certificate can be exported via REST API. A few people have now reported that an automatic export and import for Exchange Server is interesting. I have therefore extended the script and successfully tested the export and import with Exchange Server 2016. ... Read more
Sophos UTM can now automatically request and renew certificates from Let's Encrypt. This function is particularly useful for web server protection (WAF). The certificate for the various WAF services is thus managed by the UTM and renewed accordingly before it expires. I have already received several requests from people who would like to use the ... Read more
In my last article about a free S/MIME certificate for signing and encrypting emails, I made a stupid mistake. In the last article, I recommended the CA DGNCert, which offers free S/MIME certificates, but the CA itself is not stored as a "Trusted Root Certification Authority" in Windows. So as long as the root certificate is not manually ... Read more
Update 25.02.2019: There is a new article here, as this article is no longer valid. Update 29.01.2019: See note/update at the end of the article. DGNcert is not stored as a trusted certification authority in Windows as I claimed. Therefore, please read the update at the end of the article first and then the comments. So far, Comodo has been a reliable ... Read more
MTA-STS (Mail Transfer Agent-Strict Transport Security, kurz STS) ist es recht neues Werkzeug um den Mail Versand und Empfang etwas sicherer zu gestalten. MTA-STS wurde mittlerweile als RFC-8461 verabschiedet und kann somit eingesetzt werden. Ähnlich wie bei DANE, werden für STS Informationen im DNS hinterlegt. Der große Unterschied ist aber: Für STS ist kein DNSSEC … Read more
