skip to Main Content

Exchange Server certificate changes

To prevent misuse of UNC paths by attackers, Microsoft removed the parameters that take UNC paths as inputs from the Exchange Server PowerShell cmdlets and the Exchange Admin Center. These changes will affect all cumulative update (CU) releases of Microsoft Exchange Server 2019 (CU12 and later) and Microsoft Exchange Server 2016 (CU23 and later).

UNC path inputs not usable

To prevent misuse of UNC paths by attackers, parameters that take UNC paths as inputs will no longer be usable in:

  1. Exchange Admin Center
  2. Exchange Server PowerShell cmdlets

These certificate changes are available in the latest Exchange Server updates:

Exchange Admin Center certificate changes

The following certificate functionality in Exchange Admin Center is removed after upgrading to Exchange Server 2019 CU12 and later and Microsoft Exchange Server 2016 CU23 and later:

  1. Import & Export Exchange Certificate removal
  2. Complete Exchange Certificate Request removal
  3. New Exchange Certificate Request from CA removal
  4. Renew Exchange Certificate Request removal

In the previous versions of Exchange Server, there was an option to import or export the Exchange certificate through Exchange Admin Center.

Exchange Server certificate management changes before

The option to import or export the Exchange certificate through Exchange Admin Center is removed. Instead, you must now use PowerShell cmdlets to import or export the Exchange certificate.

Exchange Server certificate management changes after

Exchange Server PowerShell cmdlets certificate changes

The FileName and RequestFile parameter that takes the UNC path as input is removed from Exchange Server PowerShell cmdlets after upgrading to Exchange Server 2019 CU12 and later and Microsoft Exchange Server 2016 CU23 and later.

The below articles are up to date with the certificate changes. You can follow them to create, renew, import, and export Exchange Certificates:

  1. New-ExchangeCertificate
  2. Import-ExchangeCertificate
  3. Export-ExchangeCertificate

Conclusion

The Exchange Server certificate changes apply after upgrading to Exchange Server 2019 CU12 and later and Microsoft Exchange Server 2019 CU23 and later. It’s a welcoming change from Microsoft because security is essential. Use the PowerShell cmdlets from now on.

Did you enjoy this article? You may also like Antivirus exclusions for Exchange Server. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 6 Comments

  1. Thanks for your great post. But I do still have an open question. How do I import or export certificates after upgrading to the new CU without the filename parameter?

    Cheers
    Michael

  2. Ali,

    Great posts are usual. One typo on here:

    “The following certificate functionality in Exchange Admin Center is removed after upgrading to Exchange Server 2019 CU12 and later and Microsoft Exchange Server 2019 CU23 and later:”

    *Should read Exchange 2016 CU23

    Thanks!

Leave a Reply

Your email address will not be published.