Microsoft Exchange and Active Directory Blog
A long time ago I updated the Exchange Certificate Assistant for the last time. The script uses POSH-ACME as a client to automatically request Let's Encrypt certificates, but there are problems with the script from time to time. However, since there is now a much better version that also supports Exchange Server (and other services), I will ... Read more
Once an Exchange 2019 server has been configured, an SSL certificate needs to be installed. To configure the certificate correctly, the hostnames that are relevant for the certificate must be determined. The following script reads the hostnames from the configured URLs of the virtual directories and displays the corresponding hostnames in the Exchange Management Shell ... Read more
In January of this year, I reported on free S/MIME certificates from WISeID. Unfortunately, I have since discovered that newly requested certificates from this CA are no longer considered trustworthy. I noticed this when I requested a new 1-year certificate from WISeID. The CA still issues the certificates, but ... Read more
I have already reported several times about the possibility of obtaining free S/MIME certificates for signing and encrypting emails. There are now only a few providers that still offer free certificates. Some of the providers mentioned in the previous articles either do not issue certificates at all or only issue certificates with a 90-day validity period. All 90 ... Read more
In this article, I already described how the Sophos UTM certificate can be exported via REST API. A few people have now reported that an automatic export and import for Exchange Server is interesting. I have therefore extended the script and successfully tested the export and import with Exchange Server 2016. ... Read more
Sophos UTM can now automatically request and renew certificates from Let's Encrypt. This function is particularly useful for web server protection (WAF). The certificate for the various WAF services is thus managed by the UTM and renewed accordingly before it expires. I have already received several requests from people who would like to use the ... Read more
Update 25.02.2019: There is a new article here, as this article is no longer valid. Update 29.01.2019: See note/update at the end of the article. DGNcert is not stored as a trusted certification authority in Windows as I claimed. Therefore, please read the update at the end of the article first and then the comments. So far, Comodo has been a reliable ... Read more
Sophos UTM 9.6 now also offers the long-awaited support for free Let's Encrypt certificates. Although the UTM only supports the ACMEv1 protocol and therefore cannot request wildcard certificates, SAN certificates with up to 100 DNS names can be requested automatically. Brief overview of Let's Encrypt Let's Encrypt is a certification authority (CA) that ... Read more
I have now received several emails with questions about the Exchange backend certificate, so here is a short article about it. In most cases, the backend certificate was deleted during cleanup. The following article deals with the function and necessity of the backend certificate and also how to restore it if it has been accidentally deleted. What ... Read more
I can now announce that the current version of the Certificate Assistant for Let's Encrypüt now also supports Exchange 2010 and Server 2008 R2. I have updated the download again and there are now 3 versions of the script included: So the following operating systems are now supported: Windows Server 2008 R2 Windows Server 2012 R2 Windows ... Read more
