Exchange Server 2019 and ECC certificates (Elliptic Curve Cryptography)

Since the Exchange Server April 2024 Hotfix Update, Exchange Server 2019 also supports ECC (Elliptic Curve Cryptography) certificates. However, there are a few things to bear in mind when using ECC certificates. In the following article, we take a look at what you need to consider. What are ECC certificates? ECC certificates (Elliptic Curve Cryptography) are certificates that are based on ...

Windows certification authority: Changing the validity of the revocation list

The validity of certificates can be checked either via OCSP (Online Certificate Status Protocol) or classically via a certificate revocation list (CRL). The base revocation list of a Microsoft Windows certification authority is valid for 7 days by default. In some cases, this is too long, as a certificate may still be treated as valid after it has been revoked.

HowTo: Installing and configuring OCSP on Windows Server 2022 (online responder)

This short HowTo is about the configuration of OCSP (Online Certificate Status Protocol) or the "Online Responder" role on Windows Server 2022. OCSP (Online Certificate Status Protocol) is a protocol that is used within the PKI. It enables the status of certificates to be checked in real time. Instead of checking the validity of certificates in long revocation lists (Certificate Revocation ...

Internal ACME certification authority for the automation of certificates

Most people will know Let's Encrypt as a free and open certification authority. Let's Encrypt uses the ACME (Automatic Certificate Management Environment) protocol to issue valid certificates for all kinds of services and systems with minimal administrative effort. Let's Encrypt is particularly suitable for all systems and services that are publicly accessible, as the issuing process for ...

Renew the certificate for the Exchange Server Back End

I have already written several times about the configuration of certificates on Exchange servers, but mostly I have dealt with the front end certificates. However, Exchange servers also have a back end which is configured with a self-signed certificate. The back end certificate does not have to be replaced by a publicly valid certificate or by a ...

Request and import Exchange certificates via shell

Since CU12 for Exchange 2019 and CU23 for Exchange 2016, certificates can no longer simply be requested or imported via the Exchange Admin Center. This is due to a change to the cmdlets "New-ExchangeCertificate", "Import-ExchangeCertificate" and "Export-ExchangeCertificate", where UNC paths can no longer be used. In the Exchange Admin Center there were before CU12 and CU23 ...

Windows PKI: Automatically roll out certificates for RDP connections

By default, Windows servers use self-signed certificates for the RDP connection. The self-signed certificates then cause a certificate warning when the RDP connection to a Windows server is established. This warning can be avoided by automatically rolling out certificates from a Windows certification authority on the servers and renewing them if necessary. The installation ...

Exchange Server: OWA and EAC do not start after installing the July updates

After installing the July security updates, it may happen that the Exchange Administrative Center (EAC) and OWA can no longer be opened. The cause is an expired certificate for Exchange Server OAuth authentication. Microsoft also refers to this problem in the release notes of the updates. Unfortunately, the notes on the updates are overlooked ...