Select Page

Certificate Path Validation in Bridge CA and Cross-Certification Environments

First published on TECHNET on May 12, 2010 Recently, we’ve had a deluge of questions regarding chain building and selection, especially in the presence of cross-certified certificates. Hopefully, this post will make Crypto API 2 (CAPI2) chaining logic clearer and ... continue reading

How to Request a Certificate With a Custom Subject Alternative Name

First published on TECHNET on Apr 22, 2010 Today many servers require some sort of SSL certificate to be deployed and in many cases custom names are involved. My colleague just published a document How to Request a Certificate With ... continue reading

AD Schema Requirements for Windows PKI features

First published on TECHNET on Dec 04, 2009 There have been a number of questions about Active Directory (AD) schema requirements for the Windows PKI features so I decided this deserves a blog post. Cheat sheet 1. Version 2 and ... continue reading

Cross-forest certificate enrollment white paper update

First published on TECHNET on Aug 24, 2009 We’ve just updated the Beta version of the cross-forest certificate enrollment white paper. In addition to fixing some of the bugs we had in the previous version, we’ve added sections around supporting ... continue reading

How to get request statistics by template in PowerShell

First published on TECHNET on Sep 09, 2009 I’ve been working with our support folks helping one of our customers. One of the things we wanted to learn about the environment is how many requests have been made for each ... continue reading

Creating self-signed certificates with a script

First published on TECHNET on Aug 23, 2009 Here is a great post by one of my colleagues on how to create a self-signed certificate using PowerShell: http://blogs.technet.com/vishalagarwal/archive/2009/08/22/generating-a-certificate-self-signed-using-powershell-and-certenroll-interfaces.aspx ... continue reading

CA Performace testing

First published on TECHNET on Aug 12, 2009 One of our collegues posted an interesting blog entry on CA scalability testing: http://blogs.technet.com/wincat/archive/2009/08/10/scale-testing-the-world-s-largest-pki-all-running-on-ws08r2-and-hyper-v.aspx . Alex Radutskiy Program Manager, Windows Security ... continue reading

AD CS Installation is Crashing on x64 Platform

First published on TECHNET on Aug 09, 2009 The following problem affects a Certification authority running on the 64-bit edition of Windows Server 2008 and Windows Server 2008 R2. The problem does not occur on x86 (32-bit) platform of both ... continue reading

Sample Code: End-to-End Certificate Transparency requests on ADCS CA

First published on TECHNET on Dec 12, 2018Hello all, Tochi Ezebube here again from the Active Directory Certificate Services engineering team.Sometime back, we released support for the precertificate flow of Certificate Transparency v1 (RFC 6962) in Windows Server 2016 ( ... continue reading

How to write an NDES policy module

First published on TECHNET on Nov 30, 2016Hi there!This is Tochi Ezebube with the Active Directory Certificate Services (ADCS) engineering team; I wanted to share some further details on how to write a custom policy module for the ADCS Network ... continue reading