Windows PKI blog

News and information for public key infrastructure (PKI) and Active Directory Certificate Services (AD CS) professionals

Browse by Tags

Related Posts
  • Blog Post: Blocking RSA Keys less than 1024 bits (part 2)

    On August 14, 2012, Microsoft will issue a critical non-security update (KB 2661254) for Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update will block the use of cryptographic keys that are less than 1024 bits...
  • Blog Post: Decommissioning an Old Certification Authority without affecting Previously Issued Certificates and then Switching Operations to a New One

    Jonathan Stephens posted an excellent Blog about this topic; however, it didn’t include the steps. As a result, I decided to type this Blog detailing the steps required. The following assumptions have to be met before proceeding with these steps: 1- There is a new valid Certification Authority...
  • Blog Post: Request File Can’t be Located during CA Certificate Renewal

    During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article, I discovered that the Request file generated couldn’t be located in the default location of %systemDrive%. The Issuing CA didn’t log any errors in the Event Log, nor...
  • Blog Post: Certificate Revocation Checking Whitepaper

    A whitepaper on Certificate Revocation Checking in Windows Vista and Windows Server 2008 has been published on TechNet here - http://technet.microsoft.com/en-us/library/ee619730(WS.10).aspx Topics in this whitepaper include: · What’s new in Windows Vista and Windows Server 2008 revocation checking...
  • Blog Post: Announcing the automated updater of untrustworthy certificates and keys

    There are a number of known untrusted certificates and compromised keys that have been issued by standard trusted root certification authorities. To help customers avoid interacting with these untrusted or compromised certificates and keys, an Automatic Updater of revoked certificates is now available...
  • Blog Post: RSA keys under 1024 bits are blocked

    The strength of public key based cryptographic algorithms is determined by the time taken to derive the private key using brute force methods. The algorithm is deemed to be strong enough when the time required to derive the private key is prohibitive given the computing power at disposal. The threat...
  • Blog Post: Certificate for WinRT devices and non-domain member devices

    Hi there, I am a test engineer in the Windows team working on certificate enrollment related areas. Today I want to talk about certificates for Windows RT devices. Windows RT devices run on an ARM processor, which is different from a typical computer, but it does have a full version of the Windows®...
  • Blog Post: Group Protected PFX

    A new feature is available in Windows Server 2012 and Windows 8 that allows you to protect exported PFX files (those in PKCS#12) to Active Directory Domain Services (AD DS) accounts. The feature is available only if you have a Windows Server 2012 domain controller deployed in your network. The TechNet...
  • Blog Post: Visual Basic for Applications and SHA2

    I was recently helping a customer deploy a SHA-256 based PKI. As part of the retirement of their old PKI, we reissued the code signing certificates used by their developers. We found that the Visual Studio 2010 developers had no issue with the new code signing certs, but the Visual Basic of Application...