Browse by Tags

All Tags » Configuration

Suppressing certificate attributes in a CA certificate request

When a PKCS#10 request for a CA certificate is generated, a pre-defined set of certificate attributes is included. This blog entry explains how to eliminate attributes that would go into the CA certificate request by default. Imagine that you are setting
Posted by MS2065 | 0 Comments

You cannot add V2 or V3 templates after an inplace upgrade was performed on a Windows Server 2008 enterprise CA

Technically, it is possible to install an enterprise CA on a Windows Server Standard edition. With this configuration, enterprise features of the certification authority are intentionally not available. To enable the CA enterprise features, it is required
Posted by MS2065 | 0 Comments

How EffectiveDate (thisupdate), NextUpdate and NextCRLPublish are calculated

The validity time of a certificate revocation list (CRL) is critical for every public key infrastructure. By default, most applications verify the validity of certificates against a CRL. Two CRL types exist: base CRLs and delta CRLs. In case where no
Posted by MS2065 | 0 Comments

How to re-install the default certificate templates?

When you launch the certificate templates MMC snap-in (certtmpl.msc) for the first time, the certificate templates are installed automatically in the background. Installing the templates is independent of the availability of an enterprise CA. Enterprise
Posted by MS2065 | 0 Comments

The missing EDIT button in the CA properties extensions tab

There are at least three ways to adjust the CRL and AIA distribution points. The most familiar way to change the distribution point might be through the CA MMC user interface. The second way is to directly change the registry key CACertPublicationURLs
Posted by MS2065 | 0 Comments

Manually publishing a CA certificate or CRL into a LDAP store

The CA is automatically publishing its own certificates and related CRLs into Active Directory if a LDAP reference is configured in the CA property “Extensions”. If you are using a different LDAP server (such as Microsoft ADAM) to make the CA certificate
Posted by MS2065 | 2 Comments

How to find out the max size of certificate attributes

The other day I was asked how many subject alternate names will fit into a single certificate. I asked myself what the best way would be to find out. After a short time of thinking I decided to look at the schema definition of the CA database. The schema
Posted by MS2065 | 0 Comments

How to manually set the archive flag for certificates

If you have to select a certain certificate for authentication for example, you may wonder why several certificates are presented by the UI. Internet Explorer may offer several client authentication certificates while securely connecting to a web site
Posted by MS2065 | 1 Comments

How to exclude the certificate template name from certificates to be issued

By default, a Windows enterprise CA adds information about the used certificate template to issued certificates. These certificate attributes are especially important to perform certificate autoenrollment. However, in heterogeneous environments you
Posted by MS2065 | 0 Comments

A file distribution point must follow the UNC syntax

Several whitepapers explain the three valid protocols (HTTP, LDAP or FILE) to retrieve a Certificate Revocation List (CRL) or the Authority Information Access (AIA). However, none of these whitepapers is specific about the syntax for the file protocol
Posted by MS2065 | 0 Comments