Simple certificate management with Excel and notification

All certificates have an expiration date, which is usually a long time in the future. Who remembers a certificate that was purchased 2 years ago or even longer? Some CAs send reminder e-mails, but not all. For internal CAs, the CA reporter may be able to help. If you only have a few purchased certificates, you can use Excel ... Read more

Migrating a root certification authority from SHA1 to SHA256 (hash algorithm)

From 01.01.2016, Microsoft will declare SSL certificates with SHA1 as the hash algorithm invalid. Web servers or services that use certificates with SHA1 will therefore trigger certificate warnings in the user's browser. Therefore, SHA1 certificates should be replaced slowly but surely. In order for an internal CA to issue certificates with SHA256 (SHA2), the CA must ... Read more

Reports on the certification authority by e-mail

Another addition to the *Reporter family is ready: CA Reporter. CA Reporter creates a report on the certification authority and its certificates in a very similar way to Exchange Reporter. The following functions are included so far: status of the CA; status of the root certification authority certificate; status of the revocation lists; users with access to the CA; overview of certificate templates; overview of certificates that have already expired ... Read more

Exchange 2013/2016: Wizard for certificates

Many of the emails I receive are about certificates. I have therefore created a small wizard using PowerShell that takes some of the work out of dealing with certificates. It automatically searches for the corresponding DNS names, requests the certificate from a Windows CA and installs it on all Exchange 2013 servers. Without any manual work ... Read more

Sophos UTM 9.210 Mailprotection bug: 403 4.7.0 TLS handshake failed

Currently there seems to be a bug in the Sophos UTM that prevents a TLS connection from being established. The log file of the sender's MTA then contains entries with the message "TLS handshake failed". Here is an example from Clearswift: There is also a message about this in the Sophos forum: https://www.astaro.org/local-language-forums/german-forum/54875-bug-9-210-20-smtp-send-receive.html Apparently ... Read more

Exchange 2013 and Perfect Forward Secrecy (PFS)

E-Mail Made in Germany, NSA scandal, warning letters for mail server operators etc etc etc... Encryption is currently on everyone's lips. But it's not enough just to quickly attach a certificate to the Exchange server. If you want to have a secure environment (according to the current definition...), you have to think about a few more things. One thought ... Read more

Message Analyzer 1.1 available

Message Analyzer is the successor to Network Monitor. To avoid a misunderstanding: Message Analyzer is not used to analyze mails, but to see what is happening on the wire, similar to Network Monitor or Wireshark.

The big advantage of Message Analyzer is that it can decrypt encrypted connections if the private key is available. This makes Message Analyzer a great tool for error analysis, including, of course, mail problems over encrypted connections.

Click here to download:

http://blogs.technet.com/b/messageanalyzer/archive/2014/09/15/announcing-the-message-analyzer-1-1-release.aspx

Server 2008/2012: Install PKI (Part 3)

In the last part of this series of articles, we will deal with the publication of certificates and revocation lists via HTTP. Part 1 and part 2 can be found here: https://www.frankysweb.de/server-20082012-pki-installieren-teil-1/ https://www.frankysweb.de/server-20082012-pki-installieren-teil-2/ First create a new share on the server that will later deliver the revocation lists and certificates via HTTP. I have created the share in the last ... Read more

Server 2008/2012: Install PKI (Part 2)

In part 1, the root CA was installed, which will later be taken offline (i.e. shut down). Now, however, we will first take care of the sub-CA that is to be integrated into Active Directory. This is the second part of the PKI installation. The first step is to publish the certificate and the revocation list of the root CA in the Active Directory. The easiest way to do this is ... Read more

Server 2008/2012: Install PKI (Part 1)

A certification authority is quickly installed under Windows Server. Essentially, the "Certification authority" role is added, "Next" is clicked a few times and you have a CA that can issue all possible certificates. So you have a PKI, which works, but is bad. A PKI and its CAs need to be well planned, and this involves ... Read more