Hi,

Based on my research, Exchnage only support DSA and RSA algorithms. Exchange does not support ECDSA certifictae. However, IIS does so client should be able to use ECDSA certs for certificate based authentication for EAS.

Re

Hello All

I have this rather strange problem in that I can't enable an SSL cert in the Exchange powershell. When I try to run:

[PS] C:\Windows\system32>Enable-ExchangeCertificate -Thumbprint 1a4c13ea05579bf01f12c0ea4a17d8c9f8491f5b -Services SMTP,
IIS
A special Rpc error occurs on server EX: The certificate with thumbprint 1A4C13EA05579BF01F12C0EA4A17D8C9F8491F5B was
found but is not valid for use with Exchange Server (reason: KeyAlgorithmUnsupported).
    + CategoryInfo          : NotSpecified: (:) [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : [Server=EX,RequestId=02872780-5e42-463a-90c6-afe558aae88c,TimeStamp=17/11/2014 17:59:00]
    [FailureCategory=Cmdlet-InvalidOperationException] FE48A2CE,Microsoft.Exchange.Management.SystemConfigurationTask
  s.EnableExchangeCertificate
    + PSComputerName        : ex.domain.com

If I run Get-ExchangeCertificate I can't see my certificate listed. But, if I open up the Certificate MMC snap-in, I can see the certificate listed there. And yes, I can see that it has a private key that corresponds with the certificate.

One thing to note, this is an ECDSA signed certificate from Comodo. Are these not supported? (hence the error)

If I try and use an RSA certificate it works 100%.

So can I get my ECDSA certificate to work with Exchange 2013 CU6?

Thanks!

Hi,

Based on my research, Exchnage only support DSA and RSA algorithms. Exchange does not support ECDSA certifictae. However, IIS does so client should be able to use ECDSA certs for certificate based authentication for EAS.

Regards,