250 Hello - Certificates

7

Easy Way To Retrieve Certificate Thumbprint Using PowerShell

Posted on 14th May 2018 by Rhoderick Milne [MSFT]

Since many certificate operations involve knowing the certificate’s thumbprint, it is always useful to to have an easy way to get this information. In some of the online documentation it mentions you can copy the thumbprint out of the Certificate MMC snap-in and then manually delete the spaces between the data. No thanks.

However, if you *really* want to do that, or a quick and easy way to launch… Read the rest “Easy Way To Retrieve Certificate Thumbprint Using PowerShell”

1

Exchange Self Signed SHA2 Certificates

Posted on 20th July 2016 by Rhoderick Milne [MSFT]

In recent builds, Exchange has been updated to support the newer SHA2 certificates. Exchange 2010 SP3 RU13 and Exchange 2013 CU 12 updated the SMIME control’s certificate to SHA2.

Additionally, Exchange 2013 CU13 and Exchange 2016 CU2 added support for generating the self signed certificates as SHA2 certs.

The below is for reference to save having to spin up labs in the future to review differences i… Read the rest “Exchange Self Signed SHA2 Certificates”

0

Assigning Exchange 2016 and 2013 Certificate To Multiple Servers At The Same Time

Posted on 9th May 2016 by Rhoderick Milne [MSFT]

In Exchange 2010, the Exchange Management Console allowed us to import certificates to multiple servers and to then assign the certificate to multiple servers simultaneously. In the Exchange 2013 and Exchange 2016 EAC, the option to enable the certificate for Exchange services is per server.

As you can seen in the Exchange 2016 example below, we need to select each server one by one from the drop … Read the rest “Assigning Exchange 2016 and 2013 Certificate To Multiple Servers At The Same Time”

0

Renewing Exchange 2010 Certificate Using Exchange Management Console

Posted on 5th May 2016 by Rhoderick Milne [MSFT]

Renewing certificates breaks down into the following main sections

Create Certificate Signing Request
Send Certificate Signing Request to the Certification Authourity to be signed
Complete Certificate Signing Request
Install certificate on additional servers
Bind Services to newly completed certificate

As always, ensure that the names you have specified on the CAS namespace design are included. Th… Read the rest “Renewing Exchange 2010 Certificate Using Exchange Management Console”

0

Important Upcoming Certificate Changes

Posted on 3rd September 2012 by Rhoderick Milne [MSFT]

Please be aware that there is a pending change for the minimum key length for certificates with RSA keys. The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

The update is available on the Download Center as well as… Read the rest “Important Upcoming Certificate Changes”

0

Custom Certificate Template Cannot be Issued

Posted on 26th January 2012 by Rhoderick Milne [MSFT]

At an engagement yesterday, I ran into an interesting issue where a custom certificate template that was created was unavailable from the Certificate Services Web Enrolment page.

One quick peek into the KB revealed a match for the issue.

You cannot have a Version 2 custom template of Type Minimum Windows 2008 Supported CA to be Available via Web Enrolment in Windows 2008

In Windows 2008, when yo… Read the rest “Custom Certificate Template Cannot be Issued”