Security

Technical articles from Microsoft’s official blogs of in-depth discussions of security, cybersecurity and technology trends affecting trust in computing. This includes timely security news, trends, and best practices.

How to Request a Certificate With a Custom Subject Alternative Name

First published on TECHNET on Apr 22, 2010 Today many servers require some sort of SSL certificate to be deployed and in many cases custom names are involved. My colleague just published a document How to Request a Certificate With a Custom Subject Alternative Name that I strongly recommend reading.   This article was originally […]

How to Request a Certificate With a Custom Subject Alternative Name Continue Reading

AD Schema Requirements for Windows PKI features

First published on TECHNET on Dec 04, 2009 There have been a number of questions about Active Directory (AD) schema requirements for the Windows PKI features so I decided this deserves a blog post. Cheat sheet 1. Version 2 and Version 3 certificate templates require Windows Server 2003 (version 30) or later schema. It doesn’t

AD Schema Requirements for Windows PKI features Continue Reading

Deployment of the new Federal Common Policy CA Root Certificate

First published on TECHNET on Mar 13, 2011 Background On December 1, 2010 the Federal PKI Management Authority (FPKIMA), in compliance with NIST guidance , created a new SHA-256 Federal Common Policy root certification authority. Windows Update will include the new Federal Common Policy Root CA (FCPCA) certificate as part of the Microsoft Root Certificate

Deployment of the new Federal Common Policy CA Root Certificate Continue Reading

Cross-forest certificate enrollment white paper update

First published on TECHNET on Aug 24, 2009 We’ve just updated the Beta version of the cross-forest certificate enrollment white paper. In addition to fixing some of the bugs we had in the previous version, we’ve added sections around supporting selective authentication, enrollment web pages, and provided a script to delete PKI objects from AD.

Cross-forest certificate enrollment white paper update Continue Reading

Creating self-signed certificates with a script

First published on TECHNET on Aug 23, 2009 Here is a great post by one of my colleagues on how to create a self-signed certificate using PowerShell: http://blogs.technet.com/vishalagarwal/archive/2009/08/22/generating-a-certificate-self-signed-using-powershell-and-certenroll-interfaces.aspx .   This article was originally published by Microsoft’s Core Infrastructure and Security Blog. You can find the original article here.

Creating self-signed certificates with a script Continue Reading

How to create a web server SSL certificate manually

First published on TECHNET on Aug 05, 2009 The Internet Information Server (IIS) and Microsoft Internet Security and Acceleration (ISA) provide wizards in the administration user interface to request and install SSL certificates. With this blog post I want to explain how to request a SSL server certificate manually. The manual steps are required if

How to create a web server SSL certificate manually Continue Reading

Script to send Email alerts on Expiring certificates for Important Certificate Templates

Hi all! Zoheb Shaikh here again, and this time I will be sharing an interesting script to alert on Expiring certificates. A special thank you goes out to Eddy Ng Seng Eu for help in development of this Script. Eddy Ng is a PowerShell champion based out of Malaysia whom I always reach out to

Script to send Email alerts on Expiring certificates for Important Certificate Templates Continue Reading

Enable Vulnerability Assessment Check in Azure Security Center (ASC)

Hello everyone!  Tim Beasley coming at ya’ from the cold, destitute land we humbly call Misery (Missouri).  Sometimes I really miss Texas…  Anywho.   One of my amazing customers recently asked about the illusive “Vulnerability Assessment” we introduced to Azure Security Center not too long ago.  They struggled to find it and thought it was just

Enable Vulnerability Assessment Check in Azure Security Center (ASC) Continue Reading

Preparing to Deploy Extended Security Updates

Update 02.03.2020: Updated post to confirm that Security Only Quality Updates from November 2019 and onward satisfy the pre-requisites for the ESU key. With the end of support for these Operating Systems on January 14, 2020, many of our customers are asking for help on how to get ready to deploy Extended Security Updates (ESU).

Preparing to Deploy Extended Security Updates Continue Reading

Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 3: Key Attestation

First published on TECHNET on Sep 08, 2014 Hey Everyone, I am back with the last part of this 3 of this series on TPM protected certificates.  The last topic for this series is on Key Attestation.  Recently I have had a few people ask me about the Key Attestation tab in Windows Server 2012

Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 3: Key Attestation Continue Reading