3,441 views
Exchange 2010 Certificates
In an older blog post on Certificate Authorities, I have provided some information about the process to generate Exchange 2007 certificates. This process has slightly changed in Exchange 2010, and Johan Delimon (pro-exchange.be) has written an excellent article about this : Generating Exchange 2010 Certificates (Exchange Management Shell)
The 2 most important changes are :
- the new-exchangecertificate cmd-let no longer supports the -path variable (so requests cannot be written directly to disk)
- the 2007 GUI at Digicert still uses the -path parameter, so a new GUI was created to support 2010 certificate requests
In short, the updated procedure is :
- generate the powershell command using an updated gui at Digicert : https://www.digicert.com/easy-csr/exchange2010.htm
- Save the exchange certificate request into a $Data variable
- Write the contents of the $Data variable to a file (Set-Content -path “c:\request.req” -Value $Data)
Then, sign and import the certificate (bb124424(EXCHG.140).aspx)
.
© 2009 – 2021, Peter Van Eeckhoutte (corelanc0d3r). All rights reserved.
Similar/Related posts:
Exchange 2007/2010 : Renaming attachments ‘on the fly’ – custom transport agent
Exploit writing tutorial part 7 : Unicode – from 0x00410041 to calc
Fixing Exchange 2007 Offline Address Book generation (oalgen) and distribution issues
Juniper ScreenOS : defeating iBGP full mesh requirement using route reflectors and confederations
Windows 2008 PKI / Certificate Authority (AD CS) basics
Posted in Certificates, MS Exchange | Tagged 2007, 2010, certificate, data variable, exchange certificates, exchange-2010-certificate, exchange-2010-certificate-powershell, exchange-2010-certificate-request-gui, exchange-2010-certificate-request-powershell, exchange-2010-powershell-certificate-request, exchange-2010-powershell-certificate-use, exchange-2010-powershell-commands-certificates, generating-certificate-for-exchange-2010-private, generating-new-certificates-for-exchange-2010-powershell, gui digicert, MS Exchange, new-certificaterequest, pro-and-cons-of-active-directory-certificates, requests, set-content
Comments are closed.
Corelan Training
We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011
Check out our schedules page here and sign up for one of our classes now!
Check out our schedules page here and sign up for one of our classes now!
Donate
Want to support the Corelan Team community ? Click here to go to our donations page.
Want to donate BTC to Corelan Team?
Your donation will help funding server hosting.
Your donation will help funding server hosting.
Corelan Team Merchandise
You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.
Corelan on Slack
You can chat with us and our friends on our Slack workspace: