Publishing certificates in the Active Directory

Deploying certificates and CRL in a domain or a forest in an automated fashion can done using GPO like many other settings. However a less well-known possibility is to use the certutil -dspublish command. Let’s review how it works. When using that option, certificates are stored in one of the […]

ADSI Edit PKI tree

Firefox displays SSL Error: SEC_ERROR_INADEQUATE_KEY_USAGE when using self-signed certificate

When using self-signed certificates, and accessing your web contents with the Firefox browser, you may get a strange error message SEC_ERROR_INADEQUATE_KEY_USAGE This may happen in self hosted instances of YunoHost for example. Whereas the contents is properly displayed in all other browsers, you cannot add any exception in Firefox and […]

Get-Certificate usage for Web Server

The documentation for the powershell cmdlet Get-Certificate only use generic examples. In this post, let’s see the Get-Certificate usage for Web Server. In our scenario, you have an Enterprise CA whose service is published under the name ‘My Company SubCA I’. You also have duplicated the Web Server template under […]

Outlook Help Sign A Message

Exchange S/MIME Template

WHen you want to implement mail signing and/or encryption wit the Outlook/Exchange products, you are faced to different choices. One involves to know which Exchange S/MIME template you should choose among all Certificate templates. First of all, please remember that S/MIME may help to achieve the following goals: message authentication: […]

ADFS 3.0 in Windows 2012 R2: Self Signed Certificate 1

A recent lab build showed me that in spite Microsoft’s evangelism for Powershell scripting, every product is not yet aligned and also made me discover a nice Powershell Module about PKI management. The initial goal of my lab was to test the Active Directory Federation Services role from the Windows […]