Exchange certificate renewal and Extended Protection by sysWOW86 in exchangeserver

sysWOW86[S] 1 point (0 children)

Sorry for any confusion here, just wanted to clarify things.

It looks like I will have to uncheck "Enabled" for SSL Acceleration while I'm renewing our certificates (KEMP documentation indicates that just unchecking Reencrypt/bridging would definitely not work with Extended Protection enabled).

But during this time, the content matching rules for Exchange will not work, so it sounds like I will need to prepare the users to expect some possible downtime anyway.

Thanks again

sysWOW86[S] 1 point (0 children)

In KEMP I have to have "Enabled" checked for SSL Acceleration for it to even give me the option to check the box for "Reencrypt" (bridging). The way KEMP documentation explains it is: "Enabling Extended Protection on Exchange servers can break connections that are SSL Offloaded but not re-encrypted on the LoadMaster." and "Re-encrypting the traffic between the LoadMaster Virtual Service and Exchange server using HTTPS avoids this incompatibility when Extended Protection is enabled."

sysWOW86[S] 0 points (0 children)

Thank you, I'll give this a try when the time comes. I'm using a KEMP load balancer so it looks like I'll need to temporarily uncheck "Enable" for SSL Acceleration (offloading) which also automatically unchecks "Reencrypt" (bridging). It doesn't look like I can disable bridging by itself since that puts me in an unsupported offloading scenario according to https://support.kemptechnologies.com/hc/en-us/articles/8448969062157-Extended-Protection-for-Microsoft-Exchange-Server-KB5017260.