Exchange 2016: OPNsense, HAProxy and Let's Encrypt

OPNSense is a fork of the well-known open source firewall PFSense, I personally like OPNSense better, the GUI is tidier, there is a REST api and the most important plug-ins are also available. As there is a plugin for HAProxy and also for Let's Encrypt for OPNSense, I have started testing this combination in conjunction with Exchange 2016. OPNSense ... Read more

Exchange 2010: Using certificates from Let's Encrypt (Part 2)

Part 1 has already covered the preparations for Let's Encrypt certificates and Exchange 2010. This article therefore builds directly on Part 1. In part 1, the Exchange organization was adapted accordingly, so part 2 continues directly with the configuration of the public DNS. I forgot to mention that the ... Read more

Exchange 2010: Using certificates from Let's Encrypt (Part 1)

Certificates from Let's Encrypt are becoming increasingly popular, which is hardly surprising as the certificates are free and there are simple clients to obtain the certificates. Let's Encrypt certificates are only valid for 3 months, but the available clients take care of renewing the certificates. Exchange 2016 can even be managed with a small PowerShell ... Read more

Sophos UTM and Let's Encrypt certificates

I stumbled across an interesting workaround for Sophos UTM and Let's Encrypt certificates today: https://github.com/rklomp/sophos-utm-letsencrypt René has taken the trouble to create a script that can automatically renew Let's Encrypt certificates on Sophos UTM. The implementation is relatively simple and worked right away in my test environment. Since the ... Read more

Exchange 2016: Certificate Wizard for Let's Encrypt

I had already announced that the certificate wizard would receive an update for Let's Encrypt. The version for Exchange 2016 is now ready. The certificate wizard can fetch a certificate from Let's Encrypt with just a few entries and then renew it fully automatically. I have tested this script so far with Windows Server 2016 and Exchange Server 2016. Tests ... Read more

Exchange 2016: Renew Let's Encrypt certificate

In a previous article, I already described how the free Let's Encrypt certificates can be requested and assigned to Exchange services using PowerShell. I am currently working on automating the entire process from requesting the Let's Encrypt certificate to automatic renewal using PowerShell. The goal is a fire-and-forget script for the Exchange certificates, let's ... Read more

Apple, ActiveSync and StartCom / StartSSL / WoSign

I am currently receiving a lot of inquiries about ActiveSync and Apple devices. Apple devices do not want to establish an ActiveSync connection with Exchange using the integrated Mail app. So if you find your environment in the following description, you will run into the problem described: Apple devices with the integrated mail app (iPhone, iPad) The SSL certificate comes from StartCom / StartSSL ... Read more

Exchange 2016: Determine DNS names for certificates (Quick & Dirty)

The DNS names of the configured URLs of the virtual Exchange directories are relevant for the SSL certificate. The corresponding DNS names must be available on the certificate as SAN (Subject Alternate Name). This small script lists all configured DNS names of the Exchange 2016 servers. This allows the certificate to be requested and issued accordingly. $AllExchangeServers = Get-ExchangeServer foreach ($ExchangeServer in $AllExchangeServers) ... Read more

Exchange 2016: Free certificates from Let's Encrypt

Foreword The certification authority Let's Encrypt has been offering free certificates for some time now. I wrote an article on this topic back in December 2015, but the Windows client wasn't working reliably at the time, so I had to take a detour via a Linux computer. A little over a year has now passed and I have ... Read more