CSRs created by Exchange are signed with outdated signature algorithm - Microsoft Support

Support

Sign in

Sign in with Microsoft

Sign in or create an account.

Hello,

Select a different account.

You have multiple accounts

Choose the account you want to sign in with.

Applies To

Exchange Server 2019 Exchange Server 2016

Symptoms

When you run New-ExchangeCertificate, Microsoft Exchange Server uses the outdated sha1WithRSA signature algorithm to sign the Certificate Signing Request (CSR). Some Certification Authorities (CA) don't accept the CSR if it's signed by using this outdated signature algorithm.

Resolution

To fix this issue, install the following security update:

Description of the security update for Microsoft Exchange Server 2019 and 2016: November 12, 2024 (KB5044062)

Email

SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center