Forum Discussion

Dominic Russell's avatar
Dominic Russell
Copper Contributor
Dec 19, 2021

Exchange 2013 The certificate key algorithm is not supported

Hello, We have an Exchange 2013 server, updated to CU23, which worked fine until one day, it showed the error on OWA "The certificate key algorithm is not supported"! I tried to put back an older...
2013
Exchange Server
OWA
Oleg_Kovalenko's avatar
Oleg_Kovalenko
Brass Contributor
Dec 29, 2021

Hi.
1. Please check to enable TLS 1.2 and cipher by the IIS Crypto tool.
Technical reference details about encryption
https://docs.microsoft.com/en-us/microsoft-365/compliance/technical-reference-details-about-encryption?view=o365-worldwide
2. Please check the same on your client's PC.
PS. I recommend reviewing or creating GPO for TLS 1.2 and cipher
Server cipher suites and TLS requirements
https://docs.microsoft.com/en-us/power-platform/admin/server-cipher-tls-requirements

Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ba-p/607649

 

Dominic Russell's avatar
Dominic Russell
Copper Contributor
Dec 30, 2021
I already configured the proper ciphers with IISCrypto before it started doing this issue. I then tried many, many, many different settings in case one would work, but the error stays the same. I did not notice when this issue started because I am not using OWA/ECP often, but I can assure that when I installed the latest SSL certificate, it was working properly.
  • Oleg_Kovalenko's avatar
    Oleg_Kovalenko
    Brass Contributor
    Dec 30, 2021

    Russell,
    Please check and install .NET Framework 4.8 and all windows update.

     

    After the update, please check TLS .Net.

     

    Transport Layer Security (TLS) best practices with the .NET Framework https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

    Update and configure the .NET Framework to support TLS 1.2
    https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client#bkmk_net

     

    • Dominic Russell's avatar
      Dominic Russell
      Copper Contributor
      Jan 05, 2022

      As mentioned, it was working few months back, so TLS 1.2 is already activated and working. The server is 2012R2. I installed .Net 4.8 just in case it would make any difference, but not. How to troubleshoot what is the error exactly and what triggers it? It would be preferable to pinpoint the source of the issue instead of trying settings and installation of programs...

      Interesting fact I forgot to mention, the login screen appears correctly, it is after logging in that the web page shows this error.

Resources