Cert Requests Appear, Which I Didn't Make

mlavie 96 Reputation points
2021-11-27T13:33:34.983+00:00

In my ES2019 Exchange Admin Center, I am seeing cert requests which I never made.

There are about 20 of them in the last 3 months.

Does this mean I've been hacked? Anyone who had my admin password would surely have better things to do with it, than create requests, which no authority will honor since the hacker won't have access to the Domain Control Proof email for verification. Also, upon inspection, the requests are for domain "{example.org}". Obviously, anyone trying to break into my server would try to get a cert with my domain's name, and not a dummy name like "example.org".

The Certification authority-signed certificate details in the right Details Panel show what looks to be HTML code from an ASP (!!!) page.

I'd appreciate guidance on this.

Exchange Server Management

1 answer

  1. Andy David - MVP 137.9K Reputation points MVP
    2021-11-27T20:44:50.807+00:00

    Hmmm, that sounds weird, yes.

    What CU and Security updates have been applied?

    Are you up to date?

    https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2021-exchange-server-security-updates/ba-p/2933169

    If admin audit logging is enabled, search and see if you find anything:

    Search-AdminAuditLog -Cmdlets New-ExchangeCertificate
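
The audit-log search suggested in the answer can be widened to cover the period in the question and set beside the pending requests on the server. This is an added example, not part of the original answer; the 100-day window and the result size are assumptions chosen to span the roughly three months the question mentions.

```powershell
# Run in the Exchange Management Shell on the affected server.

# 1. Confirm admin audit logging is enabled and how long entries are kept.
#    If it is disabled, the search below returns nothing. Entries older than
#    AdminAuditLogAgeLimit (90 days by default) are no longer available.
Get-AdminAuditLogConfig |
    Format-List AdminAuditLogEnabled, AdminAuditLogCmdlets, AdminAuditLogAgeLimit

# 2. Search window (assumption: about three months, plus some margin).
$start = (Get-Date).AddDays(-100)
$end   = Get-Date

# 3. Every audited New-ExchangeCertificate call in the window.
$entries = Search-AdminAuditLog -Cmdlets New-ExchangeCertificate `
    -StartDate $start -EndDate $end -ResultSize 1000

# Show who ran each call, where it was processed, and the parameters passed.
$entries | Sort-Object RunDate | ForEach-Object {
    [pscustomobject]@{
        RunDate    = $_.RunDate
        Caller     = $_.Caller
        Server     = $_.OriginatingServer
        Succeeded  = $_.Succeeded
        Parameters = ($_.CmdletParameters |
                        ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
    }
} | Format-List

# 4. Certificate requests that are still pending on this server.
$pending = Get-ExchangeCertificate | Where-Object { $_.Status -eq 'PendingRequest' }
$pending | Format-List Thumbprint, Subject, CertificateDomains, Status

# 5. Compare the two counts: audited creation calls versus pending requests.
'{0} audited New-ExchangeCertificate calls, {1} pending requests' -f `
    @($entries).Count, @($pending).Count
```

A Caller that is not a known administrator account, or a count of pending requests that the audit entries do not account for, is the detail to bring back to the thread along with the CU and security update level.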