Forum Discussion
Dominic Russell
Dec 19, 2021 (Copper Contributor)
Exchange 2013 The certificate key algorithm is not supported
Hello, We have an Exchange 2013 server, updated to CU23, which worked fine until one day, it showed the error on OWA "The certificate key algorithm is not supported"! I tried to put back an older...
Oleg_Kovalenko
Jan 11, 2022 (Brass Contributor)
Hi Russell.
Please check your cert store and certificate.
Check store.
Example: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/ad-fs-and-keyspec-property
Test TLS connection
https://techcommunity.microsoft.com/t5/azure-paas-blog/ssl-tls-connection-issue-troubleshooting-test-tools/ba-p/2240059
Maybe the certificate has expired or is 1024-bit.
https://www.comodo.com/e-commerce/ssl-certificates/upgrade-ssl-certificate-to-2048-bit-before-31-december.php
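One way to run the store check suggested in the reply above, as an added example (not code from the thread or from Microsoft). It assumes Windows PowerShell on .NET Framework in an elevated session, certificates in `Cert:\LocalMachine\My`, and 2048 bits as the minimum RSA key size; it only reads the store and reports expiry, key size, provider and KeySpec for each certificate.

```powershell
# Added example: read-only inventory of the computer certificate store.
# Assumptions: Windows PowerShell on .NET Framework, elevated session,
# certificates in Cert:\LocalMachine\My, 2048 bits as the minimum RSA size.
$minBits = 2048
$now     = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $keySize = $null; $provider = $null; $keySpec = $null
    $notes = New-Object System.Collections.Generic.List[string]

    # PublicKey.Key throws when the framework cannot wrap the key algorithm.
    try   { $keySize = $cert.PublicKey.Key.KeySize }
    catch { $notes.Add("public key: $($_.Exception.Message)") }

    if ($cert.HasPrivateKey) {
        try {
            $key = $cert.PrivateKey
            if ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
                # Legacy CryptoAPI key: provider name and KeySpec are readable.
                $info     = $key.CspKeyContainerInfo
                $provider = $info.ProviderName
                $keySpec  = $info.KeyNumber   # Exchange (AT_KEYEXCHANGE) or Signature
            } else {
                $notes.Add('private key is not exposed through a CryptoAPI provider')
            }
        } catch {
            $notes.Add("private key: $($_.Exception.Message)")
        }
    } else {
        $notes.Add('no private key in this store')
    }

    if ($cert.NotAfter -lt $now)  { $notes.Add('expired') }
    if ($cert.NotBefore -gt $now) { $notes.Add('not yet valid') }
    if ($keySize -and $keySize -lt $minBits) { $notes.Add("key shorter than $minBits bits") }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        KeyAlg     = $cert.PublicKey.Oid.FriendlyName
        SigAlg     = $cert.SignatureAlgorithm.FriendlyName
        KeyBits    = $keySize
        Provider   = $provider
        KeySpec    = $keySpec
        Notes      = $notes -join '; '
    }
} | Format-List
```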
Dominic Russell
Jan 11, 2022 (Copper Contributor)
The certificates are fine. I tried several and they all give the same error. The only workaround I have found so far is to use basic authentication; FBA returns this error but basic authentication does not. The conclusion is therefore that FBA cannot authenticate the user to the domain with this error. How do I troubleshoot the FBA authentication process? How do I know which one of the three configured it tried (NTLM, etc.) and how do I troubleshoot it? Is it worth trying another means of authentication through FBA? I'm asking because I just spent over 48 hours almost straight trying to find a fix, and soon building a new server will make more sense, but fixing this one would be much preferable. There must be a way to troubleshoot issues with Exchange!! Or is it just trial and error until you get lucky, and if so, go buy beers and lottery tickets?