NoMoePwds

Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 3: Key Attestation

First published on TECHNET on Sep 08, 2014 Hey Everyone, I am back with the last part of this 3 of this series on TPM protected certificates.  The last topic for this series is on Key Attestation.  Recently I have had a few people ask me about the Key Attestation tab in Windows Server 2012 […]

Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 3: Key Attestation Continue Reading

Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 1: Microsoft Platform Crypto Provider

First published on TECHNET on Jun 05, 2014 Hey Everyone, This is Wes Hammond with Premier Field Engineering back to share what I have learned about protecting digital certificates using the Trusted Platform module in Windows desktops, laptops and servers. This is part one of a three part series that will include the Microsoft Platform

Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 1: Microsoft Platform Crypto Provider Continue Reading

Certificate for WinRT devices and non-domain member devices

First published on TECHNET on Dec 10, 2012 Hi there, I am a test engineer in the Windows team working on certificate enrollment related areas. Today I want to talk about certificates for Windows RT devices Windows RT devices run on ARM processor , which is different from a typical computer, but it does have

Certificate for WinRT devices and non-domain member devices Continue Reading

Blocking RSA Keys less than 1024 bits (part 2)

First published on TECHNET on Jul 13, 2012 On August 14, 2012, Microsoft will issue a critical non-security update (KB 2661254) for Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update will block the use of cryptographic keys that are less than 1024 bits. This

Blocking RSA Keys less than 1024 bits (part 2) Continue Reading

RSA keys under 1024 bits are blocked

First published on TECHNET on Jun 11, 2012 Public key based cryptographic algorithms strength is determined based on the time taken to derive the private key using brute force methods. The algorithm is deemed to be strong enough when the time required to derive private key is prohibitive enough using the computing power at disposal.

RSA keys under 1024 bits are blocked Continue Reading

Best Practice for Configuring Certificate Template Cryptography

First published on TECHNET on Apr 27, 2012 Starting with Windows Vista and Windows Server 2008, the option to utilize Key Storage Providers (KSPs) in addition to Cryptographic Service Providers (CSPs) was added. These options are available when you create a Certificate Template and configure the settings in the Cryptography tab. Depending on the template

Best Practice for Configuring Certificate Template Cryptography Continue Reading

Does Enterprise PKI (PKIVIEW) support OCSP?

First published on TECHNET on Oct 07, 2011 A common question from certification authority administrators is “Does Enterprise PKI (PKIView) support OCSP?” Yes, the Microsoft Management Console (MMC) Enterprise PKI ( PKIView ), supports the  When setting up Certificate Extensions, you must ensure that the Include in the AIA extension of issued certificates is not

Does Enterprise PKI (PKIVIEW) support OCSP? Continue Reading