Amer_Kamal

Design Considerations before Building a Two Tier PKI Infrastructure

First published on TECHNET on Jun 19, 2010

Environmental Dependencies:
1- Determine if the Active Directory Forest has Windows 2000 Domain Controllers. This is important because of modifications to the CertPublishers group scope, and permissions related to the AdminSDHolder role. These permissions can be added by using the Dsacls command.
2- Determine if the Active […]


Disaster Recovery Procedures for Active Directory Certificate Services (ADCS)

First published on TECHNET on Apr 20, 2010 Introduction When designing a public key infrastructure (PKI) for your organization, you must develop an effective disaster recovery plan to ensure that, in the event of failure of the computer hosting Certificate Services, you can recover in a timely manner with little effect on your organization. Common


Windows Server 2012 R2/IIS8.5 – Automatic Rebind of Renewed Certificates

First published on TECHNET on Apr 28, 2014 Hello All, This is Wes Hammond with Premier Field Engineering, back with a follow-up to a previous blog about automatic renewal of web site certificates. The original blog can be found in the references below. IIS 8.5 in Windows Server 2012 R2 includes a new option that


Upgrade Certification Authority to SHA256

First published on TECHNET on Sep 19, 2013 A common question in the field is about upgrading a certification authority running on Windows Server 2003 to use Crypto Next Generation (CNG) to support SHA256. CNG was introduced in Windows Server 2008 and higher operating systems; as a result, an upgrade to the operating system is required.


Renew Web Server (SSL) Certificates Automatically

First published on TECHNET on Aug 27, 2013 Working with Internet Information Services (IIS) certificates can be a bit challenging, especially during renewal time. Most organizations do not track Web SSL certificates, which in turn might expire and cause an unplanned outage. Those who track this information, on the other hand, have to make sure


Windows Server 2012 Active Directory Certificate Services System State Backup and Restore

First published on TECHNET on Mar 21, 2013 Windows Server 2012 System State Backup allows an administrator to back up several operating system components, including those required for a successful restore of a Certification Authority. Any certification authority backup should include the private key, certificate database, logs and the certification authority’s registry configuration. Windows Server Backup


Viewing Expired Certificate Revocation List (CRL)

First published on TECHNET on Dec 20, 2012 Many customers must perform a regulatory audit annually to comply with industry standards and business trends. Recently I was contacted by one of my customers, who was not able to view all of the Certificate Revocation Lists (CRLs) issued by their Enterprise Certification Authority. The customer mentioned they


Connecting iPads to an Enterprise Wireless 802.1x Network Using Certificates and Network Device Enrollment Services (NDES)

First published on TECHNET on Feb 27, 2012 Important notice: Microsoft does not support any Apple products; if you need to troubleshoot any problem related to Apple products, please refer to http://www.apple.com/support Warning: SCEP was designed to be used in a closed network where all end-points are trusted. The warnings from CERT in the


Decommissioning an Old Certification Authority without affecting Previously Issued Certificates and then Switching Operations to a New One

First published on TECHNET on Jan 27, 2012 Jonathan Stephens posted an excellent blog about this topic; however, it didn’t include the steps. As a result, I decided to type this blog detailing the steps required. The following assumptions have to be met before proceeding with these steps: Steps: Note: Ignore the LDAP and C:%windir%


Key Recovery vs Data Recovery Differences

First published on TECHNET on Oct 28, 2011 When talking to my customers, I am often asked about the differences between Key Recovery and Data Recovery for encrypted files, in addition to which method to use. As a result, this blog will focus on both areas, explaining the differences and best practices. Both methods can
