Tagged Content List
  • Blog Post: Enabling CEP and CES for enrolling non-domain joined computers for certificates

    Hey all, Rob here again. I thought I would expand upon my last blog describing Certificate Enrollment Web Services by covering some of the different configurations that are possible. As a refresher, Certificate Enrollment Policy and Certificate Enrollment Services abstract certificate Policy and...
  • Blog Post: How to configure the Windows Server 2008 CA Web Enrollment Proxy

    Hi all, Rob here again. I had a case recently where the customer wanted to have the Windows Server 2008 Certificate Authority website loaded on another machine. For those of you that do not know, you can install the Windows Server 2008 CA web site pages on an alternate server from the CA. One reason...
  • Blog Post: Friday Mail Sack: Guest Reply Edition

    Hi folks, Ned here again. This week we talk: CA migration from 1 to 2 tier ADAM/ADLDS P2V ABC 123 Managing AGPM security filters Multiple IIS App pools and Kerberos AGPM multi-domain comparison ADUC domain password weirdness DFSR deletion conflict handling Stale account deletion...
  • Blog Post: Extended Validation support for websites using internal certificates

    Hey all, Rob here again. One feature that is new with Windows Server 2008R2 / Windows 7 is the ability to configure your internal certification authority hierarchy in order to issue certificates that can show as Extended Validation certificates. So for those of you who do not know, this means...
  • Blog Post: Working with Certificates in Active Directory PowerShell

    http://blogs.msdn.com/adpowershell/archive/2009/04/26/working-with-certificates.aspx
  • Blog Post: Designing and Implementing a PKI: Part I Design and Planning

    The series: Designing and Implementing a PKI: Part I Design and Planning; Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation; Designing and Implementing a PKI: Part III Certificate Templates; Designing and Implementing a PKI: Part IV Configuring SSL for...
  • Blog Post: The Certificate Template Manager Hangs Indefinitely

    Hey ladies and gents, Sean here again. Recently I ran into an issue with Windows Server 2003 that caused the Certificate Template Manager to hang. I’ll discuss the problem and provide solutions so you don’t get stuck wondering what’s going on if this happens to you. First, let’s talk about the symptoms...
  • Blog Post: Designing and Implementing a PKI - Series Wrapup and Downloadable Copies

    Hi all, Ned here again. We usually get asked for a more portable version of our multi-part blog posts so - for once - I am creating it before the yelling starts. Chris’ “Designing and Implementing a PKI” series is included below in a few common file formats: Download in DOX format...
  • Blog Post: Windows Server 2008 R2 CAPolicy.inf Syntax

    Greetings! This is Jonathan again. I was reviewing Chris’ excellent blog post series on designing and implementing a PKI when I realized that it would be helpful to better document the CAPolicy.inf file. The information in this post relies heavily on the information published in the Windows Server...
  • Blog Post: Replacing an Expired DRA Certificate

    Hi, Tom here from the Directory Services team. One of the most common EFS issues we see is for an expired Domain Data Recovery Agent (DRA) certificate. It is also one of the easiest things to resolve. You may have seen the error Recovery Policy for this system contains an invalid recovery certificate...
  • Blog Post: Implementing an OCSP responder: Part II - Preparing Certificate Authorities

    Chris here again. In Part I we covered some of the basics and background information on the reason for the OCSP Responder and a basic understanding of how the OCSP Responder functions. So now we look towards implementing the OCSP Responder. However, before we move forward with the Install of the OCSP...
  • Blog Post: Designing and Implementing a PKI: Part V Disaster Recovery

    The series: Designing and Implementing a PKI: Part I Design and Planning; Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation; Designing and Implementing a PKI: Part III Certificate Templates; Designing and Implementing a PKI: Part IV Configuring SSL for...
  • Blog Post: Certificate Enrollment Web Services

    Hey everyone, Rob here again. With the release of Windows Server 2008 R2 and Windows 7 we have added new methods of enrolling for certificates: Certificate Enrollment Policy (CEP) and Certificate Enrollment Service (CES). CEP is a web service that enables users and computers to obtain certificate enrollment...
  • Blog Post: Implementing an OCSP responder: Part III - Configuring OCSP for use with Enterprise CAs

    Chris here again. As promised I will be covering configuring an OCSP Responder to support Enterprise CA. I will also be covering validating your OCSP Configuration. Installing OCSP Responder Role The first step is to install the OCSP Responder Role. To install the OCSP Responder: Open a command...
  • Blog Post: Implementing an OCSP responder: Part IV - Configuring OCSP for use with Standalone CAs

    Chris here again. In part I of this series we covered the basics of how OCSP works. We also covered the underlying reasons for deploying an OCSP Responder. In Part II we covered configuring the Certificate Authorities for whom which the OCSP Responder will check revocation status for on behalf of the...
  • Blog Post: RSA Key Blocking is Coming

    Hey all, Ned here again with one of my rare public service announcement posts: In August 2012, Microsoft will issue a software update for Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update will block the use...
  • Blog Post: Third Party Application Fails Using LDAP over SSL

    Hi, Michael here. The following issue is one that I have seen come up from time to time and can be a challenge for IT administrators who are trying to use the built in Version 2 Domain Controller Authentication template in their environment. The concern may be seen when folks used a version 1 certificate...
  • Blog Post: Moving Your Organization from a Single Microsoft CA to a Microsoft Recommended PKI

    Hi, folks! Jonathan here again, and today I want to talk about what appears to be an increasingly common topic: migrating from a single Windows Certification Authority (CA) to a multi-tier hierarchy. I’m going to assume that you already have a basic understanding of Public Key Infrastructure (PKI...
  • Blog Post: RSA Key Blocking is Here!

    Hello everyone. Jonathan here again with another Public Service Announcement post. Today, Microsoft has published a new Security Advisory: Microsoft Security Advisory (2661254): Update For Minimum Certificate Key Length The Security Advisory and the accompanying KB article have complete information...
  • Blog Post: Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation

    The series: Designing and Implementing a PKI: Part I Design and Planning; Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation; Designing and Implementing a PKI: Part III Certificate Templates; Designing and Implementing a PKI: Part IV Configuring...
  • Blog Post: MD5 Signature Hash Deprecation and Your Infrastructure

    Hi everyone, David here with a quick announcement. Yesterday, MSRC announced a timeframe for deprecation of built-in support for certificates that use the MD5 signature hash. You can find more information here: http://blogs.technet.com/b/srd/archive/2013/08/13/cryptographic-improvements-in-microsoft...
  • Blog Post: Designing and Implementing a PKI: Part III Certificate Templates

    The series: Designing and Implementing a PKI: Part I Design and Planning; Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation; Designing and Implementing a PKI: Part III Certificate Templates; Designing and Implementing a PKI: Part IV Configuring SSL for...
  • Blog Post: Mapping One Smartcard Certificate to Multiple Accounts.

    Good morning world, Paul Fragale here to bring you the latest trend in smart card logon requests. Some people have been reading on our TechNet pages, such as Smart Card Authentication Changes, about the ability to allow users to have one smart card, one certificate on that smart card, and map to multiple...
  • Blog Post: Intermittent Mail Sack: Must Remember to Write 2013 Edition

    Hi all, Jonathan here again with the latest edition of the Intermittent Mail Sack. We've had some great questions over the last few weeks so I've got a lot of material to cover. This sack, we answer questions on: Issues upgrading DFSR hub servers to Windows Server 2012 AD FS Sign-out behavior...
  • Blog Post: Friday Mail Sack: Mothers day pfffft… when is son’s day?

    Hi folks, Ned here again. It’s been a little while since the last sack, but I have a good excuse: I just finished writing a poop ton of Windows Server 2012 depth training that our support folks around the world will use to make your lives easier (someday). If I ever open MS Word again it will be...