Originally I had given up the plan to write another white paper on the subject of "Exchange and certificates". However, there still seem to be very frequent problems with the configuration of certificates in connection with Exchange servers. There are already a few articles and scripts here, so now there will be a comprehensive whitepaper on the subject of certificates.
The white paper "Certificates for Exchange Server 2019" is aimed at all admins who are still having problems configuring SSL certificates for Exchange Server. I have also tried to explain the topic of encryption and certificates as simply as possible. This resulted in over 70 pages on this topic, so here is a small excerpt from the table of contents:
- Certificates: A simple overview of how they work
- Private and public key
- Overview: How HTTPS encryption works
- Asymmetric and symmetric encryption (simple)
- Certification bodies
- What is a certification body?
- Public CA
- Own CA / PKI
- Advantages and disadvantages
- Let's Encrypt
- Automatic certificates for Exchange Server
- File formats for certificates
- What formats are available
- Conversion between the formats
- Overview: Certificates and Exchange Server 2019
- Where does Exchange use certificates
- Dependencies
- Exchange 2019 sample configurations for your own PKI / public CA and Let's Encrypt
- Special features such as SSL Offloading and Perfect Forward Secrency
- Helpful tools and links
The white paper is also largely valid for Exchange 2016 and Exchange 2013. The white paper does not deal with the UM role, which is no longer included in Exchange 2019. If the UM role is not used, the white paper can also be used for Exchange 2013 and Exchange 2016.
Questions, improvements, criticism and suggestions regarding this whitepaper are welcome via the contact form. A small donation is also welcome:
The white paper is available in PDF format and can be downloaded here free of charge:
So far this whitepaper is only available as a PDF, if there is a need for an eBook Reader compatible version, please let me know.