Dalle on Twitter
Posts by
-
-
Recent Posts
Recent Comments
- Brian_Butler on PKI cleanup in AD with PS
- Poweradmse on PowerShell + Working with applications–custom view
- Fredrik Wall on PowerShell + Working with applications–custom view
- Andreas Brantholm on PowerShell + working with applications–Find Identifying Number
- Poweradmse on PowerShell + working with applications–Find Identifying Number
Archives
- September 2012
- August 2012
- June 2012
- March 2012
- January 2012
- December 2011
- November 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- June 2008
- April 2007
- June 2006
Categories
Deployment
PowerShell
Security
Category Archives: PKI
PKI lockdown for internal Enterprise Roots using CAPolicy.inf
Sorry for being absence from the blog right now. A lot of time consuming stuff is happening at work right now, but I will better myself, I promise! A very common problem I see regarding ADCS and PKI is that … Continue reading
ADCS Certificate Expiration Report Tool
I want to start with a little disclaimer: The real credits for this tool does not really belong to me. This tool is using the really wonderful PSPKI PowerShell module from http://pspki.codeplex.com/ and all credits should go them for making … Continue reading
WINSEC crew @ Microsoft Sommarkollo 2011
Yesterday myself, Hasain Alshakarti and Göran Melvås (all three of us are members of Swedish Windows Security User Group) had a live session at Microsoft Sweden about Forefront Identity Manager Certificate Management 2010 (FIM-CM 2010). I wanted to thank … Continue reading
How to issue EV SSL certificates from an Enterprise CA
A question that I get all the time, is how to issue internal Extended Validation certificates from an internal Enterprise CA. Even though EV certificates do not provide increased security from a technical point of view, sometimes people just want … Continue reading
Do not enable SAN certificate requests on your Enterprise CA’s!
Not many people are not aware of the fact that enabling SAN attributes in certificate requests can be a security issue. I have seen many people on different forums that tell other people to enable EDITF_ATTRIBUTESUBJECTALTNAME2 with certutil on Enterprise … Continue reading
Goodies from CAPolicy.inf–LoadDefaultTemplates
Not many people are aware of a certain available option in CAPolicy.inf that came with Windows Server 2003 SP1. The LoadDefaultTemplates is very useful since it prevents the CA to associate itself with the default list of certificate templates when … Continue reading
How to remotely check if Base CSP is installed
At this TechDays 2011 here in Sweden, I got a question when I was standing in the Swedish Windows Security User Group booth about if there was some easy way to determine if the Microsoft Base CSP (KB909520) is installed … Continue reading
Don’t forget the CAPolicy.inf file!
Yesterday I saw it again – a Windows Server 2003 Root CA that was installed with NO CAPolicy.inf file! Apparently, not everybody are aware about how Certificate Services works regarding the creation of the certificate that is being generated … Continue reading
Windows 2008 R2 ADCS in a Windows 2000 ADDS
Last night, I did a quite fun test. I tested ADCS in 2008 R2 from a compatibility view. I installed a Windows 2000 mixed mode domain (schema version 13) and installed an Enterprise Root on a domain member running Windows … Continue reading
ADCS Backup Tool–ADCS Backups made easy…
Last week, I discussed with dear pal Stefan Schörling at http://www.msfaq.se/ regarding some questions about how to do a complete backup and restore of an Enterprise CA in a disaster recovery scenario without using a full machine backup. In other … Continue reading