It's easier to always run Exchange Management Shell as administrator. Do you use the Exchange…
Exchange Server certificate changes
To prevent misuse of UNC paths by attackers, Microsoft removed the parameters that take UNC paths as inputs from the Exchange Server PowerShell cmdlets and the Exchange Admin Center. These changes will affect all cumulative update (CU) releases of Microsoft Exchange Server 2019 (CU12 and later) and Microsoft Exchange Server 2016 (CU23 and later).
Table of contents
UNC path inputs not usable
To prevent misuse of UNC paths by attackers, parameters that take UNC paths as inputs will no longer be usable in:
- Exchange Admin Center
- Exchange Server PowerShell cmdlets
These certificate changes are available in the latest Exchange Server updates:
Exchange Admin Center certificate changes
The following certificate functionality in Exchange Admin Center is removed after upgrading to Exchange Server 2019 CU12 and later and Microsoft Exchange Server 2016 CU23 and later:
- Import & Export Exchange Certificate removal
- Complete Exchange Certificate Request removal
- New Exchange Certificate Request from CA removal
- Renew Exchange Certificate Request removal
In the previous versions of Exchange Server, there was an option to import or export the Exchange certificate through Exchange Admin Center.
The option to import or export the Exchange certificate through Exchange Admin Center is removed. Instead, you must now use PowerShell cmdlets to import or export the Exchange certificate.
Exchange Server PowerShell cmdlets certificate changes
The FileName and RequestFile parameter that takes the UNC path as input is removed from Exchange Server PowerShell cmdlets after upgrading to Exchange Server 2019 CU12 and later and Microsoft Exchange Server 2016 CU23 and later.
The below articles are up to date with the certificate changes. You can follow them to create, renew, import, and export Exchange Certificates:
Conclusion
The Exchange Server certificate changes apply after upgrading to Exchange Server 2019 CU12 and later and Microsoft Exchange Server 2019 CU23 and later. It’s a welcoming change from Microsoft because security is essential. Use the PowerShell cmdlets from now on.
Did you enjoy this article? You may also like Antivirus exclusions for Exchange Server. Don’t forget to follow us and share this article.
hi,
Please show renew certification on Exchange Server 2019 CU12 by use powershell
i cannot find your websites.
To renew a third-party certificate on Exchange Server, you need to create a new certificate request on the Exchange Server and proceed further.
Follow the article How to create certificate in Exchange Server.
thanks a lot for reply.
Thank you for this post. The Microsoft documentation for those CU’s is lacking on this point and in fact their online documentation still shows the procedures for creating a certificate request through the EAC.
how to install new certifcate to exchange 2016CU23. can you write a command please
The following article covers it: How to create certificate in Exchange Server. I also updated the article with a link to that article.
Thanks for your great post. But I do still have an open question. How do I import or export certificates after upgrading to the new CU without the filename parameter?
Cheers
Michael
Hi Michael,
I updated the article with links to the below articles which are up to date with the latest certificate changes:
– How to create certificate in Exchange Server
– How to import certificate in Exchange Server
– How to export certificate in Exchange Server
Ali,
Great posts are usual.