First published on TECHNET on Apr 22, 2010 Today many servers require some sort of SSL certificate to be deployed and in many cases custom names are involved. My colleague just published a document How to Request a Certificate With a Custom Subject Alternative Name that I strongly recommend reading. This article was originally […]
Technical articles from Microsoft’s official blogs of in-depth discussions of security, cybersecurity and technology trends affecting trust in computing. This includes timely security news, trends, and best practices.
First published on TECHNET on Dec 04, 2009 There have been a number of questions about Active Directory (AD) schema requirements for the Windows PKI features so I decided this deserves a blog post. Cheat sheet 1. Version 2 and Version 3 certificate templates require Windows Server 2003 (version 30) or later schema. It doesn’t
First published on TECHNET on Mar 13, 2011 Background On December 1, 2010 the Federal PKI Management Authority (FPKIMA), in compliance with NIST guidance , created a new SHA-256 Federal Common Policy root certification authority. Windows Update will include the new Federal Common Policy Root CA (FCPCA) certificate as part of the Microsoft Root Certificate
First published on TECHNET on Aug 24, 2009 We’ve just updated the Beta version of the cross-forest certificate enrollment white paper. In addition to fixing some of the bugs we had in the previous version, we’ve added sections around supporting selective authentication, enrollment web pages, and provided a script to delete PKI objects from AD.
First published on TECHNET on Aug 23, 2009 Here is a great post by one of my colleagues on how to create a self-signed certificate using PowerShell: http://blogs.technet.com/vishalagarwal/archive/2009/08/22/generating-a-certificate-self-signed-using-powershell-and-certenroll-interfaces.aspx . This article was originally published by Microsoft’s Core Infrastructure and Security Blog. You can find the original article here.
First published on TECHNET on Aug 05, 2009 The Internet Information Server (IIS) and Microsoft Internet Security and Acceleration (ISA) provide wizards in the administration user interface to request and install SSL certificates. With this blog post I want to explain how to request a SSL server certificate manually. The manual steps are required if
Hi all! Zoheb Shaikh here again, and this time I will be sharing an interesting script to alert on Expiring certificates. A special thank you goes out to Eddy Ng Seng Eu for help in development of this Script. Eddy Ng is a PowerShell champion based out of Malaysia whom I always reach out to
Hello everyone! Tim Beasley coming at ya’ from the cold, destitute land we humbly call Misery (Missouri). Sometimes I really miss Texas… Anywho. One of my amazing customers recently asked about the illusive “Vulnerability Assessment” we introduced to Azure Security Center not too long ago. They struggled to find it and thought it was just
Update 02.03.2020: Updated post to confirm that Security Only Quality Updates from November 2019 and onward satisfy the pre-requisites for the ESU key. With the end of support for these Operating Systems on January 14, 2020, many of our customers are asking for help on how to get ready to deploy Extended Security Updates (ESU).
Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 3: Key Attestation
First published on TECHNET on Sep 08, 2014 Hey Everyone, I am back with the last part of this 3 of this series on TPM protected certificates. The last topic for this series is on Key Attestation. Recently I have had a few people ask me about the Key Attestation tab in Windows Server 2012