Microsoft Exchange and Active Directory Blog
In addition to Let's Encrypt, WoSign also offers free SAN certificates for Exchange servers, for example. The advantage of WoSign: The certificates are valid for up to 3 years: WoSign is a Chinese CA whose root certificate can be found in all common browsers and operating systems. Take Windows as an example: WoSign certificates are therefore trustworthy on most devices. Since I ... Read more
Update 12.01.17: This article is outdated, here is an updated version: Exchange 2016: Free certificates from Let's Encrypt The new CA "Let's Encrypt" has been in the public beta phase for a few days now. The aim of Let's Encrypt is to issue SSL certificates easily. The certificates are also free of charge. The CA will ... Read more
Anyone who has not yet thought about replacing their SHA1 certificates with SHA256 (also known as SHA2) should not wait too much longer. Microsoft has announced that it will no longer support SHA1 certificates from June 2016 and will therefore block them. A corresponding entry can be found here: http://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/ Mozilla has also ... Read more
Nach dem Erneuern des Zertifikats für Exchange Server 2013 und Exchange Server 2016 (denke auch bei Exchange 2010), kommt es nach dem Neustart des IIS Servers zu folgendem Event: [OWA] Failed to load SSL certificate Das Anmelden an OWA oder ECP ist dann nicht mehr möglich, es erscheint nach der Eingabe von Benutzername und Passwort … Read more
The Windows CA is able to send mails to inform about processes. For example, when the service is stopped or started. However, it is not easy to configure manually. I have therefore slightly modified a script from the Technet so that it also works if the CA has not yet issued any certificates. Simply ... Read more
Certificates from an Active Directory integrated certification authority can be easily requested via MMC. However, if you want to buy a certificate, you need a certificate request that can be submitted to the CA. Unfortunately, ECP offers few options for configuring the request and the subsequent certificate. The way via the Exchange Shell works much better. The command is ... Read more
All certificates have an expiration date, which is usually a long time in the future. Who remembers a certificate that was purchased 2 years ago or even longer? Some CAs send reminder e-mails, but not all. For internal CAs, the CA reporter may be able to help. If you only have a few purchased certificates, you can use Excel ... Read more
From 01.01.2016, Microsoft will declare SSL certificates with SHA1 as the hash algorithm invalid. Web servers or services that use certificates with SHA1 will therefore trigger certificate warnings in the user's browser. Therefore, SHA1 certificates should be replaced slowly but surely. In order for an internal CA to issue certificates with SHA256 (SHA2), the CA must ... Read more
Viele Mails die mich erreichen, drehen sich immer wieder um Zertifikate. Daher habe ich einen kleinen Assistent mittels PowerShell erstellt, das einem ein bisschen Arbeit mit den Zertifikaten abnimmt. Es sucht sich automatisch die entsprechenden DNS-Namen, fordert das Zertifikat von einer Windows CA an und installiert es auf allen Exchange 2013 Servern. Ganz ohne etwas Handarbeit geht … Read more
Heute wollte ich nur schnell ein Zertifikat über Zertifikatsvorlagen beantragen, aber wie es denn eben so ist. Folgende Fehlermeldung: Es wurden keine Zertifikatsvorlagen gefunden. Sie verfügen nicht über ausreichend Rechte, um ein Zertifikat von dieser Zertifizierungsstelle anfordern zu können, oder beim Zugriff auf das Active Directory ist ein Fehler aufgetreten. Ich hab aussagekräftige Fehlermeldung, aber … Read more
