Deploying certificates and CRL in a domain or a forest in an automated fashion can done using GPO like many other settings. However a less well-known possibility is to use the certutil -dspublish command. Let’s review how it works. When using that option, certificates are stored in one of the […]
When using self-signed certificates, and accessing your web contents with the Firefox browser, you may get a strange error message SEC_ERROR_INADEQUATE_KEY_USAGE This may happen in self hosted instances of YunoHost for example. Whereas the contents is properly displayed in all other browsers, you cannot add any exception in Firefox and […]
The documentation for the powershell cmdlet Get-Certificate only use generic examples. In this post, let’s see the Get-Certificate usage for Web Server. In our scenario, you have an Enterprise CA whose service is published under the name ‘My Company SubCA I’. You also have duplicated the Web Server template under […]
In enterprise environments, non-Windows PKI solutions are not uncommon. Such as product is PKI from Verizon CyberTrust called UniCERT, or UniCERT PKI for short. Although the product delivers standard PKI features, like many Unix-Java based products it has many limitations when it comes to integration into the Windows world. […]
A recent lab build showed me that in spite Microsoft’s evangelism for Powershell scripting, every product is not yet aligned and also made me discover a nice Powershell Module about PKI management. The initial goal of my lab was to test the Active Directory Federation Services role from the Windows […]
To perform LDAPS with Domain Controllers, you must install a certificate into the personal store of the computer account. If you are using Windows Enterprise CAs, it is no problem, as a dedicated template used to exist for a while. For 3rd-party CAs, until Windows 2003, the requirements the certificate […]
Microsoft courses about their PKI implementation (Or AD Certificate Services as we should now call it) just scratches the surface by telling you the differences between root CA, subordinate CA and the stand-alone / entreprise difference that comes with the CA being member of a domain. Some good links to […]
Here are redirection links related to the security updates: The wsusscn2.cab file used by the Windows Update Agent API, the MIcrosoft Baseline Security Analyzer and the open source wsusoffline project to get a list of available and needed patches; An Excel worksheet with a list of superseded / active bulletins […]
