Free SAN certificates with a 3-year term

In addition to Let's Encrypt, WoSign also offers free SAN certificates, for example for Exchange servers. The advantage of WoSign: the certificates are valid for up to 3 years. WoSign is a Chinese CA whose root certificate can be found in all common browsers and operating systems. Take Windows as an example. WoSign certificates are therefore trustworthy on most devices. Since I ... Read more

Let's Encrypt: Free certificates for Exchange Server

Update 12.01.17: This article is outdated; here is an updated version: "Exchange 2016: Free certificates from Let's Encrypt". The new CA "Let's Encrypt" has been in the public beta phase for a few days now. The aim of Let's Encrypt is to issue SSL certificates easily. The certificates are also free of charge. The CA will ... Read more

SHA1 certificates will be blocked earlier than previously announced

Anyone who has not yet thought about replacing their SHA1 certificates with SHA256 (also known as SHA2) should not wait too much longer. Microsoft has announced that it will no longer support SHA1 certificates from June 2016 and will therefore block them. A corresponding entry can be found here: http://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/ Mozilla has also ... Read more

Exchange 2013/2016: Event ID 2001 Failed to load SSL certificate

After renewing the certificate for Exchange Server 2013 and Exchange Server 2016 (I think also for Exchange 2010), the following event occurs after restarting the IIS server: "[OWA] Failed to load SSL certificate". Logging in to OWA or ECP is then no longer possible; it appears after entering the user name and password ... Read more

Windows PKI: Configure mail notifications for the CA

The Windows CA can send mails to report events, for example when the service is stopped or started. However, this is not easy to configure manually. I have therefore slightly modified a script from TechNet so that it also works if the CA has not yet issued any certificates. Simply ... Read more

Exchange 2013: Create certificate request for public CA

Certificates from an Active Directory integrated certification authority can be easily requested via MMC. However, if you want to buy a certificate, you need a certificate request that can be submitted to the CA. Unfortunately, ECP offers few options for configuring the request and the subsequent certificate. The way via the Exchange Shell works much better. The command is ... Read more

Simple certificate management with Excel and notification

All certificates have an expiration date, which is usually a long time in the future. Who remembers a certificate that was purchased 2 years ago or even longer? Some CAs send reminder e-mails, but not all. For internal CAs, the CA reporter may be able to help. If you only have a few purchased certificates, you can use Excel ... Read more

Migration root certification authority SHA1 to SHA256 (hash algorithm)

From 01.01.2016, Microsoft will declare SSL certificates with SHA1 as the hash algorithm invalid. Web servers or services that use certificates with SHA1 will therefore trigger certificate warnings in the user's browser. Therefore, SHA1 certificates should be replaced slowly but surely. In order for an internal CA to issue certificates with SHA256 (SHA2), the CA must ... Read more

Exchange 2013/2016: Wizard for certificates

Many of the emails I receive are always about certificates. I have therefore created a small wizard using PowerShell that takes some of the work out of dealing with certificates. It automatically searches for the corresponding DNS names, requests the certificate from a Windows CA and installs it on all Exchange 2013 servers. Without any manual work ... Read more

Certification authority: No certificate templates were found (web request)

Today I just wanted to quickly request a certificate via certificate templates, but as so often happens, I got the following error message: "No certificate templates were found. You do not have sufficient rights to request a certificate from this certification authority, or an error occurred while accessing the Active Directory." I have a meaningful error message, but ... Read more