Forum Discussion
Exchange 2013 The certificate key algorithm is not supported
Hello,
We have an Exchange 2013 server, updated to CU23, which worked fine until one day, it showed the error on OWA "The certificate key algorithm is not supported"!
I tried to put back an older valid certificate, reactivate all ciphers and TLS, updated to latest Microsoft patches, this error still comes back and I cannot manage the server anymore!
Anyone has a clue how to resolve this issue?
Hi.
1. Please check to enable TLS 1.2 and cipher by the IIS Crypto tool.
Technical reference details about encryption
https://docs.microsoft.com/en-us/microsoft-365/compliance/technical-reference-details-about-encryption?view=o365-worldwide
2. Please check the same on your client's PC.
PS. I recommend reviewing or creating GPO for TLS 1.2 and cipher
Server cipher suites and TLS requirements
https://docs.microsoft.com/en-us/power-platform/admin/server-cipher-tls-requirementsExchange Server TLS guidance, part 1: Getting Ready for TLS 1.2
- I already configured the proper ciphers with IISCrypto before it started doing this issue. I then tried many, many, many different settings in case one would work, but the error stays the same. I did not notice when this issue started because I am not using OWA/ECP often, but I can assure that when I installed the latest SSL certificate, it was working properly.
Russell,
Please check and install .NET Framework 4.8 and all windows update.After the update, please check TLS .Net.
Transport Layer Security (TLS) best practices with the .NET Framework https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
Update and configure the .NET Framework to support TLS 1.2
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client#bkmk_net
- surajbudhani
Microsoft
Can you check in IIS which Certificate is selected?I tried them all, even the one installed originally by Exchange, none are working, they all generate this error.
