Issue:
Starting with the Exchange Server April 2024 Hotfix Update (HU), ECC certificates can be used on Exchange Server 2016 and Exchange Server 2019. The latest version of HealthChecker shows an error if an ECC certificate is assigned to an Exchange service (e.g., SMTP).
Reason:
The PublicKeySize is returned as 0 for ECC certificates (by design).
Fix:
Detect if a certificate is an ECC certificate. We do this by comparing the WellKnownOid. If it matches 1.2.840.10045.2.1 (Oid for ECC), we exclude the Key Size check for this certificate.
Issue: Starting with the Exchange Server April 2024 Hotfix Update (HU), ECC certificates can be used on Exchange Server 2016 and Exchange Server 2019. The latest version of HealthChecker shows an error if an ECC certificate is assigned to an Exchange service (e.g., SMTP).
Reason: The
PublicKeySize
is returned as0
for ECC certificates (by design).Fix: Detect if a certificate is an ECC certificate. We do this by comparing the
WellKnownOid
. If it matches1.2.840.10045.2.1
(Oid for ECC), we exclude the Key Size check for this certificate.Validation: Lab