PKI


Publishing certificates in the Active Directory

Deploying certificates and CRLs in a domain or a forest in an automated fashion can be done using GPO, like many other settings. However, a less well-known possibility is to use the certutil -dspublish command. Let’s review how it works. When using that option, certificates are stored in one of the […]


Firefox displays SSL Error: SEC_ERROR_INADEQUATE_KEY_USAGE when using self-signed certificate

When using self-signed certificates and accessing your web content with the Firefox browser, you may get a strange error message: SEC_ERROR_INADEQUATE_KEY_USAGE. This may happen in self-hosted instances of YunoHost, for example. Whereas the content is properly displayed in all other browsers, you cannot add any exception in Firefox and […]


Get-Certificate usage for Web Server

The documentation for the PowerShell cmdlet Get-Certificate only uses generic examples. In this post, let’s see the Get-Certificate usage for Web Server. In our scenario, you have an Enterprise CA whose service is published under the name ‘My Company SubCA I’. You have also duplicated the Web Server template under […]



UniCERT PKI: limited auto-enrollment support

In enterprise environments, non-Windows PKI solutions are not uncommon. One such product is the PKI from Verizon CyberTrust called UniCERT, or UniCERT PKI for short. Although the product delivers standard PKI features, like many Unix/Java-based products it has many limitations when it comes to integration into the Windows world. […]


ADFS 3.0 in Windows 2012 R2: Self Signed Certificate

A recent lab build showed me that in spite of Microsoft’s evangelism for PowerShell scripting, every product is not yet aligned and also made me discover a nice PowerShell module about PKI management. The initial goal of my lab was to test the Active Directory Federation Services role from the Windows […]


Windows Domain Controller Certificate template for LDAPS, Strong KDC, etc.

To perform LDAPS with Domain Controllers, you must install a certificate into the personal store of the computer account. If you are using Windows Enterprise CAs, it is no problem, as a dedicated template used to exist for a while. For 3rd-party CAs, until Windows 2003, the requirements the certificate […]