Select Page

How will Certificate Transparency affect existing Active Directory Certificate Services environments?

First published on TECHNET on Mar 12, 2018Wes Hammond here from Premier Field Engineering. It has been a while since I posted anything, but I wanted to step back into the spotlight to talk a little bit about something a ... continue reading

Implementing LDAPS (LDAP over SSL)

First published on TECHNET on Jun 02, 2011 LDAP over SSL (LDAPS) is becoming an increasingly hot topic - perhaps it is because Event Viewer ID 1220 is catching people's attention in the Directory Service Log or just that people ... continue reading

Common Questions about SHA2 and Windows

First published on TECHNET on Feb 08, 2011 Since my last post about SHA2 and Windows I’ve received numerous questions from customers and partners around three particular scenarios. This post will try to address those questions. Windows XP/2003 Enrollment in ... continue reading

Backing up Windows Server 2008 ADCS CA Keys

First published on TECHNET on Aug 06, 2010 [EDIT 2/20/2012] This problem has recently been resovled in a hotfix update. S ystem state backup does not include CA private keys in Windows Server 2008 or in Windows Server 2008 R2 ... continue reading

Firewall Rules for Active Directory Certificate Services

First published on TECHNET on Jun 25, 2010 Below is a list of ports that need to be opened on Active Directory Certificate Services servers to enable HTTP and DCOM based enrollment The information was developed by Microsoft Consultant Services ... continue reading

Certificate Path Validation in Bridge CA and Cross-Certification Environments

First published on TECHNET on May 12, 2010 Recently, we’ve had a deluge of questions regarding chain building and selection, especially in the presence of cross-certified certificates. Hopefully, this post will make Crypto API 2 (CAPI2) chaining logic clearer and ... continue reading

How to Request a Certificate With a Custom Subject Alternative Name

First published on TECHNET on Apr 22, 2010 Today many servers require some sort of SSL certificate to be deployed and in many cases custom names are involved. My colleague just published a document How to Request a Certificate With ... continue reading

AD Schema Requirements for Windows PKI features

First published on TECHNET on Dec 04, 2009 There have been a number of questions about Active Directory (AD) schema requirements for the Windows PKI features so I decided this deserves a blog post. Cheat sheet 1. Version 2 and ... continue reading

Cross-forest certificate enrollment white paper update

First published on TECHNET on Aug 24, 2009 We’ve just updated the Beta version of the cross-forest certificate enrollment white paper. In addition to fixing some of the bugs we had in the previous version, we’ve added sections around supporting ... continue reading

How to get request statistics by template in PowerShell

First published on TECHNET on Sep 09, 2009 I’ve been working with our support folks helping one of our customers. One of the things we wanted to learn about the environment is how many requests have been made for each ... continue reading