Microsoft Exchange and Active Directory Blog
Sophos UTM 9.6 now also offers the long-awaited support for free Let's Encrypt certificates. Although the UTM only supports the ACMEv1 protocol and therefore cannot request wildcard certificates, SAN certificates with up to 100 DNS names can be requested automatically. Brief overview of Let's Encrypt Let's Encrypt is a certification authority (CA) that ... Read more
I have now received several emails with questions about the Exchange backend certificate, so here is a short article about it. In most cases, the backend certificate was deleted during cleanup. The following article deals with the function and necessity of the backend certificate and also how to restore it if it has been accidentally deleted. What ... Read more
I can now announce that the current version of the Certificate Assistant for Let's Encrypüt now also supports Exchange 2010 and Server 2008 R2. I have updated the download again and there are now 3 versions of the script included: So the following operating systems are now supported: Windows Server 2008 R2 Windows Server 2012 R2 Windows ... Read more
Sophos recently released an update for UTM 9.5. With this update, the email protection algorithms have also been adapted with regard to the signing of emails using S/MIME: S/MIME Encryption updates: This release brings changes to the S/MIME feature to fully conform with new GDPR regulatory requirements for encryption. Core to these changes are new algorithms ... Read more
Last Monday I published a revised version of the Exchange Certificate Assistant. The last version previously only supported Exchange 2016 on Windows Server 2016. The current version now also supports Windows Server 2012 R2 and Exchange 2013. Also new is the possibility to send the notification mails with authentication on the SMTP server. In addition, ... Read more
Anyone using Exchange 2016 in conjunction with a wildcard certificate should also configure the receive and send connectors accordingly. This may also be necessary for SAN certificates. If the SAN certificate contains the domain name as the "Common Name (issued for)" and not the corresponding server name of the Exchange server, problems may occur, for example, when encrypting the SMTP connection using STARTTLS. ... Read more
DKIM, also known as DomainKeys, is a procedure for determining the authenticity of emails. The basic functionality is explained quite simply: The sending mail server calculates a hash value for each mail it sends and appends this hash to each mail in the e-mail header. The receiving mail server can evaluate the signature and also determine the ... Read more
Google has announced that it will withdraw its trust from Symantec CAs (certification authorities) from 2018. A corresponding article can be found in the Google Security Blog: Chrome's Plan to Distrust Symantec Certificates Specifically, this means that websites or services that work with certificates issued by Symantec will no longer be considered trustworthy by Chrome.This affects all certificates issued before 01.06.2016 ... Read more
Let's Encrypt announced today that free wildcard certificates will also be issued from January 2018. Wildcard certificates (e.g. *.frankysweb.de) can be used to secure an entire domain via SSL with one certificate. With other certification authorities, wildcard certificates cost quite a bit of money, the cheapest wildcard certificate I know so far is just under 280 EUR for ... Read more
After the "Exchange 2016 Autodiscover Whitepaper" was very well received and has over 6000 downloads, there was a small vote from April to May on a new topic for the next whitepaper. A total of 637 people took part in the vote, with the topic "Exchange and certificates" receiving the most votes. Here is the final ... Read more
