
Browse by Tags

All Tags » Configuration

Automated CA installs using VB script on Windows Server 2008 and 2008R2 [UPDATED]

Starting with Windows Server 2008, the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the setup and installation of a CA. Below is a script that is being used
Posted by shawncor | 0 Comments
Attachment(s): setupca.vbs

How to configure the Windows Server 2008 CA Web Enrollment Proxy

A co-worker posted an interesting blog about configuring the Windows Server 2008 CA Web Enrollment proxy at http://blogs.technet.com/askds/archive/2009/04/22/how-to-configure-the-windows-server-2008-ca-web-enrollment-proxy.aspx .
Posted by MS2065 | 0 Comments

Certificate distribution and the Microsoft Terminal Services Client

A few days ago I worked in a test environment that also consists of a PKI. I used the Microsoft Terminal Services Client (mstsc.msc) for a while to connect to various machines in the test environment. One day, I helped a coworker troubleshoot a certificate
Posted by MS2065 | 0 Comments

Certificate Services setup failed with the following error: Element not found. 0x80070490

Until Windows Server 2008 shipped, every Domain Controller had a readable and writable copy of the Active Directory schema, domain naming context and configuration naming context. This statement changed when we introduced the Read Only Domain Controller
Posted by MS2065 | 0 Comments

How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003

Today I want to comment on the quite popular Microsoft Knowledgebase article How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows 2000 Server. I am referring
Posted by MS2065 | 0 Comments

Suppressing certificate attributes in a CA certificate request

When a PKCS#10 request for a CA certificate is generated, a pre-defined set of certificate attributes is included. This blog entry explains how to eliminate attributes that would go into the CA certificate request by default. Imagine that you are setting
Posted by MS2065 | 0 Comments

You cannot add V2 or V3 templates after an inplace upgrade was performed on a Windows Server 2008 enterprise CA

Technically, it is possible to install an enterprise CA on a Windows Server Standard edition. With this configuration, enterprise features of the certification authority are intentionally not available. To enable the CA enterprise features, it is required
Posted by MS2065 | 1 Comments

How EffectiveDate (thisupdate), NextUpdate and NextCRLPublish are calculated

The validity time of a certificate revocation list (CRL) is critical for every public key infrastructure. By default, most applications verify the validity of certificates against a CRL. Two CRL types exist: base CRLs and delta CRLs. In case where no
Posted by MS2065 | 3 Comments

How to refresh the CRL cache on Windows Vista

By default, Windows is caching Certificate Revocation Lists (CRL) and CA certificates to quickly verify certificate chains. The downside of this behavior is that a newer CRL is not picked up by the client until the locally cached CRL has expired. Windows
Posted by MS2065 | 2 Comments

How to re-install the default certificate templates?

When you launch the certificate templates MMC snap-in (certtmpl.msc) for the first time, the certificate templates are installed automatically in the background. Installing the templates is independent of the availability of an enterprise CA. Enterprise
Posted by MS2065 | 0 Comments

The missing EDIT button in the CA properties extensions tab

To adjust the CRL and AIA distribution point there are at least three choices to do it. The most familiar way to change the distribution point might be through the CA MMC user interface. The second way is to directly change the registry key CACertPublicationURLs
Posted by MS2065 | 0 Comments

Manually publishing a CA certificate or CRL into a LDAP store

The CA is automatically publishing its own certificates and related CRLs into Active Directory if an LDAP reference is configured in the CA property “Extensions”. If you are using a different LDAP server (such as Microsoft ADAM) to make the CA certificate
Posted by MS2065 | 2 Comments

How to find out the max size of certificate attributes

The other day I was asked how many subject alternate names will fit into a single certificate. I asked myself what the best way would be to find out. After a short time of thinking I decided to look at the schema definition of the CA database. The schema
Posted by MS2065 | 0 Comments

How to exclude the certificate template name from certificates to be issued

By default, a Windows enterprise CA adds information about the used certificate template to issued certificates. These certificate attributes are especially important to perform certificate autoenrollment. However, in heterogeneous environments you
Posted by MS2065 | 0 Comments

A file distribution point must follow the UNC syntax

Several whitepapers explain the three valid protocols (HTTP, LDAP or FILE) to retrieve a Certificate Revocation List (CRL) or the Authority Information Access (AIA). However, none of these whitepapers is specific about the syntax for the file protocol
Posted by MS2065 | 0 Comments
 