Microsoft Exchange and Active Directory Blog
Last Monday I published a revised version of the Exchange Certificate Assistant. The last version previously only supported Exchange 2016 on Windows Server 2016. The current version now also supports Windows Server 2012 R2 and Exchange 2013. Also new is the possibility to send the notification mails with authentication on the SMTP server. In addition, ... Read more
I have started to revise the "Exchange Certificate Assistant". The previous version is no longer compatible with the current ACMESharp module and therefore requires an old version of the module. However, since some relevant parts of the ACMESharp module have changed in the meantime, it is time for a new version of the "Exchange Certificate Assistant". I have updated the "Certificate ... Read more
Anyone using Exchange 2016 in conjunction with a wildcard certificate should also configure the receive and send connectors accordingly. This may also be necessary for SAN certificates. If the SAN certificate contains the domain name as the "Common Name (issued for)" and not the corresponding server name of the Exchange server, problems may occur, for example, when encrypting the SMTP connection using STARTTLS. ... Read more
Google has announced that it will withdraw its trust from Symantec CAs (certification authorities) from 2018. A corresponding article can be found in the Google Security Blog: Chrome's Plan to Distrust Symantec Certificates Specifically, this means that websites or services that work with certificates issued by Symantec will no longer be considered trustworthy by Chrome.This affects all certificates issued before 01.06.2016 ... Read more
On February 6, 2017, I published the first version of the certificate wizard for Exchange 2016 and Let's Encrypt. The certificate wizard simplifies the process of requesting, renewing and installing an SSL certificate for Exchange 2016. Now, thanks to Bjoern, there is a new version. Bjoern has taken the trouble to make some changes so that the certificate wizard also works with Exchange 2010 and ... Read more
Let's Encrypt announced today that free wildcard certificates will also be issued from January 2018. Wildcard certificates (e.g. *.frankysweb.de) can be used to secure an entire domain via SSL with one certificate. With other certification authorities, wildcard certificates cost quite a bit of money, the cheapest wildcard certificate I know so far is just under 280 EUR for ... Read more
OPNSense is a fork of the well-known open source firewall PFSense, I personally like OPNSense better, the GUI is tidier, there is a REST api and the most important plug-ins are also available. As there is a plugin for HAProxy and also for Let's Encrypt for OPNSense, I have started testing this combination in conjunction with Exchange 2016. OPNSense ... Read more
Part 1 has already covered the preparations for Let's Encrypt certificates and Exchange 2010. This article therefore builds directly on Part 1. In part 1, the Exchange organization was adapted accordingly, so part 2 continues directly with the configuration of the public DNS. I forgot to mention that the ... Read more
Certificates from Let's Encrypt are becoming increasingly popular, which is hardly surprising as the certificates are free and there are simple clients to obtain the certificates. Let's Encrypt certificates are only valid for 3 months, but the available clients take care of renewing the certificates. Exchange 2016 can even be managed with a small PowerShell ... Read more
I had already announced that the certificate wizard would receive an update for Let's Encrypt. The version for Exchange 2016 is now ready. The certificate wizard can fetch a certificate from Let's Encrypt with just a few entries and then renew it fully automatically. I have tested this script so far with Windows Server 2016 and Exchange Server 2016. Tests ... Read more
