Below is a list of ports that need to be opened on Active Directory Certificate Services servers to enable HTTP and DCOM based enrollment The information was developed by Microsoft Consultant Services during one of our customer engagements Protocol Port...

Environmental Dependencies: 1- Determine if the Active Directory Forest has Windows 2000 Domain Controllers. This is important because of modifications to the CertPublishers group scope, and permissions related to the AdminSDHolder role. These permissions...

Recently, we’ve had a deluge of questions regarding chain building and selection, especially in the presence of cross-certified certificates. Hopefully, this post will make Crypto API 2 (CAPI2) chaining logic clearer and help enterprise admins design and troubleshoot their public key infrastructure....

This script writes a Certification Authority's Certificate Revocation List to HTTP based CRL Distribution Points via a UNC path. It checks to make sure that the copy was successful and that the CDPs have not and are not about to expire. Alerts/status...

Today many servers require some sort of SSL certificate to be deployed and in many cases custom names are involved. My colleague just published a document How to Request a Certificate With a Custom Subject Alternative Name that I strongly recommend reading...

Introduction: When designing a public key infrastructure (PKI) for your organization, you must develop an effective disaster recovery plan to ensure that, in the event of failure of the computer hosting Certificate Services, you can recover in a timely...

This is just a cross post notification. Our friends from the Active Directory Services Team published an interesting read about Enabling CEP and CES to enroll non-domain joined computers for certificates .

The official version of the new 2008 R2 ADCS Migration Guide is now available at http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspx . The guide describes the necessary steps for a successful migration of both enterprise and standalone CAs...

There are two types of certification authorities: Standalone and Enterprise. Only Enterprise certification authorities have been tested for clustered installations. A very short but may be important statement.

This document explains the interdependencies between Active Directory Domain Services (AD DS) and Public Key Infrastructure (PKI) related to Homeland Security Presidential Directive 12 (HSPD-12) smart card logon. Topics concerning the Federal PKI Common...

Below are some numbers we have measured when testing the Windows CA in our lab environment. Note that the numbers will change and depends on many factors (network topology, request types, other server workloads, etc.) However, the numbers are a good starting...

The colleagues from the AskDS blog posted a quite valuable article about Clustered CA maintenance tasks .

The beta version of the new 2008 R2 ADCS Migration Guide is now available at http://technet.microsoft.com/en-us/library/ee126140(WS.10).aspx . The guide describes the necessary steps for a successful migration of enterprise or standalone CAs from Windows...

There have been a number of questions about Active Directory (AD) schema requirements for the Windows PKI features so I decided this deserves a blog post. Cheat sheet 1. Version 2 and Version 3 certificate templates require Windows Server 2003 (version...

The following text is a simple copy/paste from the TechNet article How Certificates Work (section How Certificates are Created ). Why am I posting this information to the blog? Quite simple: I recognize that it is often overlooked that the key pair generation...

A whitepaper on Certificate Revocation Checking in Windows Vista and Windows Server 2008 has been publshed on Technet here - http://technet.microsoft.com/en-us/library/ee619730(WS.10).aspx Topics in this whitepaper include: · What’s new in Windows Vista...

On May 9 th , 2009 Entrust Managed Services (provider of HSPD-12 certificates) performed a key update ceremony on the Entrust Managed Services Root and SSP certification authorities. HSPD-12 certificates issued after May 9 th , 2009 will not work on the...

A new deployment guide was published on Windows7 BranchCache. It covers the PKI requirements for this feature along with other deployment procedures. The full guide can be found here: BranchCache Deployment Guide for Windows Server 2008 R2 and Windows...

WARNING: USE OF THE SAMPLE CODE PROVIDED IN THIS ARTICLE IS AT YOUR OWN RISK. Microsoft provides this sample code "as is" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and...

In my previous post I provided a script used for setup and installation of a CA using VBScript. The same script is capable of installing a CA on server core, where there is no UI available for installing. With the script and a few possible additional...

Starting with Windows Server 2008 the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the setup and installation of a CA.Below is a script that is being used...

If you are interested in reading more official Microsoft Team blogs, see http://blogs.technet.com/blogms/pages/directory-of-microsoft-team-blogs.aspx . This page is a great collection of valuable blog information.

The Windows Server 2008 R2 Certificate Enrollment Web Services Whitepaper has been posted to the download center: you can download it here . This is just the initial document release for RTM.  We plan to publish the content to various Technet locations...

I’ve been working with our support folks helping one of our customers. One of the things we wanted to learn about the environment is how many requests have been made for each certificate template that they issue. We have come up with this PowerShell script...

We’ve had many requests for what services and features are available in what Windows Server version and SKU.   The table below is our attempt to answer those questions. SKU Table (NOTE: entire table describes what is available in an Enterprise...