+1 971 231 5523 info@pkisolutions.com

Category: PKI

Certificate Validation Certutil Internet Explorer Offline CA PKI Revocation Watch Out

Ignore Revocation Checking – The bane of my existence!

As students in my PKI training classes know, one of the areas I am a vocal about is the blind use of the CRLF_REVCHECK_IGNORE_OFFLINE setting in a PKI environment. I am so adamantly against the use of this setting, I personally refuse to ever explicitly

Read More
  • April 20, 2017

Certificate Validation Internet Explorer PKI Revocation RFCs Watch Out

What Your Browser Doesn’t Tell You Can Hurt You – Revocation and Internet Explorer

One of the topics I have been using as an example of revocation checking behavior in my PKI In-Depth class is the interesting case of Internet Explorer (IE) and its revocation behavior. Let’s take a moment and have you think about your assumption of how

Read More
  • February 11, 2017

Certificate Templates Certificate Validation Hash Algorithms Known Issues PKI

RSASSA-PSS – Why Your Certificate Can’t Be Validated

A common theme has been arriving in my email box lately as well as many online forums. Consistently people are reporting error with certificates issued by their internal Microsoft ADCS based CAs. Problems range from Apple devices, Firefox, appliances and many other systems. When people

Read More
  • February 1, 2017

DCOM/RPC Hotfixes Issuance Policies Key Attestation Known Issues NDES OCSP PKI Server 2016 Smart Cards Trusted Platform Modules (TPM)

Windows Server 2016 – What’s New with ADCS

Well, here it is – the concise list of updates and changes to Active Directory Certificate Services (ADCS) for Windows Server 2016. I will go ahead and tell you now that there aren’t any new earth shattering features. Consider this an incremental set of improvements

Read More
  • December 2, 2016

Authentication Development Enrollment Internet of Things NDES NDES Policy Module PKI Policy Module White Papers

Creating a NDES Policy Module – A Programmers Guide

Microsoft introduced a great security improvement in Windows Server 2012 R2 to alter the standard Network Device Enrollment Service (NDES) security process. If you are familiar with the whitepaper I wrote for Microsoft (Securing and Hardening NDES) you’ll know I wrote about the disadvantages of

Read More
  • November 30, 2016

Certificate Transparency PKI Qualified Subordination Revocation Watch Out

Certificate Transparency Enforcement and Microsoft CAs – Oct 2017 Deadline

To address some weaknesses in the public PKI trust process, Certificate Transparency (CT) was created to make it easier to detect and track fraudulent certificate issuance and use. The intent is that a small collection of log servers would contain information about valid certificates and browsers

Read More
  • November 29, 2016

Certificate Requests Certreq CES/CEP Enrollment PKI Web Enrollment

Submitting Netscape SPKI (SPKAC) Cert Requests to ADCS

Recently I was contacted on Twitter with a question about Microsoft’s support of Signed Public Key and Challenge (Netscape SPKI) for certificate enrollment requests. I have long taught in my classes that there are a number of formats supported by ADCS for certificate requests. So

Read More
  • November 11, 2016

  © Copyright 2013-2016 PKI Solutions Inc. // All Rights Reserved // Terms of Service // Privacy Policy // Pricing and Refund Policies