Dalle on Twitter
Posts by
-
-
Recent Posts
Recent Comments
Archives
- March 2012
- January 2012
- December 2011
- November 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- June 2008
- April 2007
- June 2006
Categories
Deployment
PowerShell
Security
Category Archives: PKI
My PowerShell based certificate viewer
For some time now, I have been a little bit tired of certmgr.msc, the certificate management MMC-snap in. Not only by the fact that a user needs local administrator rights to be able to open it (because MMC itself needs … Continue reading
Automated certificate management in ADFS using PowerShell
Now don’t get me wrong, I absolutely love ADFS. I think is a great way to enable single sign on and federated login on a per application basis using existing identities in your infrastructure. However, the only thing I don’t … Continue reading
Some fun with the Public Key Services container and the ADCS wizard
Recently, I did an experiment of how well the ADCS wizard handles an administrator who “destroys” the Public Key Services container were ADCS and ADDS stores all PKI related information. I did many different tests and one of the was … Continue reading
CADCT – CA Decommission Tool
Have you ever wonder how to remove, uninstall or delete a specific CA from Active Directory in an easy way? Well, for some time now, I have been playing with a little PowerShell script I have created for easy decommission … Continue reading
certutil–dsdel does not clean up completely
I have noticed that some people have tried to do a CA decommission with the dsdel option in certutil. However, there is just a little, little problem with it: it does not remove everything! Now, what is wrong with … Continue reading
The BitLocker certificate EKU and Windows Server 2008 R2
Today, I discovered something that kind of bothered me. I enrolled a number certificates in my test environment and the BitLocker Drive Encryption EKU (1.3.6.1.4.1.311.67.1.1) was one of the EKU’s present in the certificates. I looked at one of … Continue reading
PKI cleanup in AD with PS
Yesterday I created this little script and I wanted to share it with you guys. Now that PKI View is removed from KB889250, some people has asked me how to remove all references to old PKI structures in Active Directory … Continue reading
PKI View is no longer a supported way for CA decommission
Thanks to my post http://poweradmin.se/blog/2010/05/08/pkiview-msc-doesnt-say-the-entire-truth and the great, open and quick communication between myself and Microsoft, PKI View is no longer a part of KB889250, which is the step by step guide for CA decommission. I really salute Microsoft for … Continue reading
Pkiview.msc doesn't say the entire truth…
I guess I am not the only one that usually removes old PKI stuff from the Public Key Container in Active Directory with pkiview.msc. However, recently I discovered something that kind of bothered me. I was working with a … Continue reading
Unsupported configurations for Forefront TMG
This morning when I created a web listener, I discovered that TMG did not appreciate my certificate that was issued according to my V3 template with support for CNG and all. (The workaround is to use a V1 or V2 … Continue reading