Microsoft Exchange and Active Directory Blog
This is the last part of the series of articles "Configuring certificates" for Exchange Server 2013 and Exchange 2016. The previous parts can be found here: Configuring certificates Part 1 Configuring certificates Part 2 Note: This part also builds on Part 1 and Part 2, so please be sure to read the first two parts first. This part is about ... Read more
This is the second part of the article series. As already announced in the first part, this article deals with the configuration. Important: Be sure to read the first part first, as this article builds directly on it. Exchange 2016 configuration The first part ended with the considerations for the URLs to be used to access Exchange. For the sake of simplicity ... Read more
I now receive emails every day with questions about certificates and/or Outlook Anywhere. The questions about Outlook Anywhere are usually also related to the certificates. In most cases, the emails end with a sentence similar to this one: Certificates are a red rag for me! The sentence comes from a mail that I received today ... Read more
Certificate warnings are annoying, regardless of the program. In this case, a remote desktop connection (RDP) warns of an invalid certificate. Everyone is probably familiar with this message: This is a "normal" Windows server, i.e. not a remote desktop host (terminal server), RDP is only activated here for administration purposes. In the standard configuration, Windows uses ... Read more
In addition to Let's Encrypt, StartSSL also offers free SAN certificates for up to 5 domains with a term of 1 year for free. The certificates are supported by all common browsers and devices. The advantage of StartSSL over Let's Encrypt is that the certificates are valid for 1 year, compared to only 3 months with Let's Encrypt. The certificates must be ... Read more
In addition to Let's Encrypt, WoSign also offers free SAN certificates for Exchange servers, for example. The advantage of WoSign: The certificates are valid for up to 3 years: WoSign is a Chinese CA whose root certificate can be found in all common browsers and operating systems. Take Windows as an example: WoSign certificates are therefore trustworthy on most devices. Since I ... Read more
Update 12.01.17: This article is outdated, here is an updated version: Exchange 2016: Free certificates from Let's Encrypt The new CA "Let's Encrypt" has been in the public beta phase for a few days now. The aim of Let's Encrypt is to issue SSL certificates easily. The certificates are also free of charge. The CA will ... Read more
Anyone who has not yet thought about replacing their SHA1 certificates with SHA256 (also known as SHA2) should not wait too much longer. Microsoft has announced that it will no longer support SHA1 certificates from June 2016 and will therefore block them. A corresponding entry can be found here: http://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/ Mozilla has also ... Read more
The Windows CA is able to send mails to inform about processes. For example, when the service is stopped or started. However, it is not easy to configure manually. I have therefore slightly modified a script from the Technet so that it also works if the CA has not yet issued any certificates. Simply ... Read more
Certificates from an Active Directory integrated certification authority can be easily requested via MMC. However, if you want to buy a certificate, you need a certificate request that can be submitted to the CA. Unfortunately, ECP offers few options for configuring the request and the subsequent certificate. The way via the Exchange Shell works much better. The command is ... Read more
