Sophos UTM 9.6: Free Let's Encrypt certificates

Sophos UTM 9.6 now also offers the long-awaited support for free Let's Encrypt certificates. Although the UTM only supports the ACMEv1 protocol and therefore cannot request wildcard certificates, SAN certificates with up to 100 DNS names can be requested automatically. Brief overview of Let's Encrypt: Let's Encrypt is a certification authority (CA) that ... Read more

Exchange 2016: Recreate backend certificate

I have now received several emails with questions about the Exchange backend certificate, so here is a short article about it. In most cases, the backend certificate was deleted during cleanup. The following article deals with the function and necessity of the backend certificate and also how to restore it if it has been accidentally deleted. What ... Read more

Certificate Assistant: Now also for Exchange 2010 and Server 2008 R2

I can now announce that the current version of the Certificate Assistant for Let's Encrypt now also supports Exchange 2010 and Server 2008 R2. I have updated the download again and there are now 3 versions of the script included: So the following operating systems are now supported: Windows Server 2008 R2 Windows Server 2012 R2 Windows ... Read more

Sophos UTM 9.508-10: Signing mails using S/MIME problematic

Sophos recently released an update for UTM 9.5. With this update, the email protection algorithms have also been adapted with regard to the signing of emails using S/MIME: S/MIME Encryption updates: This release brings changes to the S/MIME feature to fully conform with new GDPR regulatory requirements for encryption. Core to these changes are new algorithms ... Read more

Certificate Assistant now also for Exchange 2013 and Server 2012 R2

Last Monday I published a revised version of the Exchange Certificate Assistant. The last version previously only supported Exchange 2016 on Windows Server 2016. The current version now also supports Windows Server 2012 R2 and Exchange 2013. Also new is the possibility to send the notification mails with authentication on the SMTP server. In addition, ... Read more

Exchange 2016: SMTP Connector and wildcard / SAN certificates

Anyone using Exchange 2016 in conjunction with a wildcard certificate should also configure the receive and send connectors accordingly. This may also be necessary for SAN certificates. If the SAN certificate contains the domain name as the "Common Name (issued for)" and not the corresponding server name of the Exchange server, problems may occur, for example, when encrypting the SMTP connection using STARTTLS. ... Read more

Sophos UTM and DKIM

DKIM, also known as DomainKeys, is a procedure for determining the authenticity of emails. The basic functionality is explained quite simply: The sending mail server calculates a hash value for each mail it sends and appends this hash to each mail in the e-mail header. The receiving mail server can evaluate the signature and also determine the ... Read more

Google Chrome will no longer trust Symantec CAs from 2018

Google has announced that it will withdraw its trust from Symantec CAs (certification authorities) from 2018. A corresponding article can be found in the Google Security Blog: Chrome's Plan to Distrust Symantec Certificates. Specifically, this means that websites or services that work with certificates issued by Symantec will no longer be considered trustworthy by Chrome. This affects all certificates issued before 01.06.2016 ... Read more

Let's Encrypt: Free wildcard certificates from January 2018

Let's Encrypt announced today that free wildcard certificates will also be issued from January 2018. Wildcard certificates (e.g. *.frankysweb.de) can be used to secure an entire domain via SSL with one certificate. With other certification authorities, wildcard certificates cost quite a bit of money, the cheapest wildcard certificate I know so far is just under 280 EUR for ... Read more