Exchange Self Signed SHA2 Certificates

In recent builds, Exchange has been updated to support the newer SHA2 certificates.  Exchange 2010 SP3 RU13 and Exchange 2013 CU 12 updated the SMIME control’s certificate to SHA2. Additionally, Exchange 2013 CU13 and Exchange 2016 CU2 added support for generating the self signed certificates as SHA2 certs. The below is for reference to save…

9

Assigning Exchange 2016 and 2013 Certificate To Multiple Servers At The Same Time

In Exchange 2010, the Exchange Management Console allowed us to import certificates to multiple servers and to then assign the certificate to multiple servers simultaneously.  In the Exchange 2013 and Exchange 2016 EAC, the option to enable the certificate for Exchange services is per server.  As you can seen in the Exchange 2016 example below,…

0

Important Upcoming Certificate Changes

Please be aware that there is a pending change for the minimum key length for certificates with RSA keys.  The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.     The…

2

Custom Certificate Template Cannot be Issued

At an engagement yesterday, I ran into an interesting issue where a custom certificate template that was created was unavailable from the Certificate Services Web Enrolment page. One quick peek into the KB revealed a match for the issue.  You cannot have a Version 2 custom template of Type Minimum Windows 2008 Supported CA to…

1