Microsoft Exchange and Active Directory Blog
Since the Exchange Server April 2024 Hotfix Update, Exchange Server 2019 also supports ECC (Elliptic Curve Cryptography) certificates. However, there are a few things to bear in mind when using ECC certificates. In the following article, we take a look at what you need to consider. What are ECC certificates ECC certificates (Elliptic Curve Cryptography) are certificates that are based on ... Read more
The validity of certificates can be checked either via OCSP (Online Certificate Status Protocol) or classically via a revocation list (CRL). The basic revocation list of a Microsoft Windows certification authority is valid for 7 days by default. In some cases, this is too long, as a certificate may still be valid after revocation. Read more
This short HowTo is about the configuration of OCSP (Online Certificate Status Protocol) or the "Online Responder" role on Windows Server 2022. OCSP (Online Certificate Status Protocol) is a protocol that is used within the PKI. It enables the status of certificates to be checked in real time. Instead of checking the validity of certificates in long revocation lists (Certificate Revocation ... Read more
Most people will know Let's Encrypt as a free and open certification authority. Let's Encrypt uses the ACME (Automatic Certificate Management Environment) protocol to issue valid certificates for all kinds of services and systems with minimal administrative effort. Let's Encrypt is particularly suitable for all systems and services that are publicly accessible, as the issuing process for ... Read more
Über die Konfiguration von Zertifikaten auf Exchange Servern habe ich ja schon mehrfach geschrieben, meistens habe ich da allerdings die Front End Zertifikate behandelt. Exchange Server verfügen aber auch über ein Back End welches mit einem selbst signierten Zertifikat konfiguriert ist. Das Back End Zertifikat muss nicht gegen ein öffentlich gültiges Zertifikat oder durch ein … Read more
Seit dem CU12 für Exchange 2019 und dem CU23 für Exchange 2016 können Zertifikate nicht mehr einfach via Exchange Admin Center angefordert oder importiert werden. Hintergrund ist eine Änderung an den CMDLets „New-ExchangeCertificate“, „Import-ExchangeCertificate“ und „Export-ExchangeCertificate“, hier können nun keine UNC Pfade mehr verwendet werden. Im Exchange Admin Center gab es vor CU12 und CU23 … Read more
By default, Windows servers use self-signed certificates for the RDP connection. The self-signed certificates then cause a certificate warning when the RDP connection to a Windows server is established: This warning can be avoided by automatically rolling out certificates from a Windows certification authority on the servers and renewing them if necessary. The installation ... Read more
I recently had the requirement to export all valid certificates of a Windows certification authority so that the certificates could be entered into a certificate management software. I therefore created a small PowerShell script that exports all certificates that are still valid at the time the script runs to a folder. Since only ... Read more
Nach der Installation der Juli Sicherheitsupdates kann es passieren, dass das Exchange Administrative Center (EAC) und OWA nicht mehr geöffnet werden können. Die Ursache ist ein abgelaufenes Zertifikat für die Exchange Server OAuth Authentifizierung. Auch Microsoft weißt auf dieses Problem in den Release Notes der Updates hin. Leider überliest man die Hinweise zu den Updates … Read more
During a server migration, the problem occurred that a certificate could not be exported. During the migration, only the operating system was to be replaced with a current version and the certificate was to continue to be used if possible. In this specific case, it was a wildcard certificate, but the setting "Private key ... Read more
