Select Page

Microsoft Cloud Library

Articles about Microsoft Cloud

Latest news and technical articles related to cloud computing with Windows Server. We have carefully selected articles published by industry experts, featuring Microsoft’s engineering team.

Select a Topic to view articles of just that Topic. Select All to view the entire library.

Active Directory Certificate Services Features by SKU

First published on TECHNET on Sep 02, 2009 We’ve had many requests for what services and features are available in what Windows Server version and SKU. The TechNet Wiki article Active Directory Certificate Services Overview has this information under Features ... continue reading

Certificate Enrollment Web Services Whitepaper

First published on TECHNET on Sep 14, 2009 The Windows Server 2008 R2 Certificate Enrollment Web Services Whitepaper has been posted to the download center: you can download it here . This is just the initial document release for RTM ... continue reading

Automated CA installs using VB script on Windows Server 2008 and 2008R2 [UPDATED]

First published on TECHNET on Sep 18, 2009 Starting with Windows Server 2008 the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the ... continue reading

Using VBScript to install CA on WS2008R2 server core

First published on TECHNET on Sep 18, 2009 In my previous post I provided a script used for setup and installation of a CA using VBScript. The same script is capable of installing a CA on server core, where there ... continue reading

Introducing Certificate Template API

First published on TECHNET on Sep 25, 2009 WARNING: USE OF THE SAMPLE CODE PROVIDED IN THIS ARTICLE IS AT YOUR OWN RISK. Microsoft provides this sample code "as is" without warranty of any kind, either express or implied, including ... continue reading

BranchCache Deployment Guide for Windows Server 2008 R2 and Windows 7

First published on TECHNET on Oct 06, 2009 A new deployment guide was published on Windows7 BranchCache. It covers the PKI requirements for this feature along with other deployment procedures. The full guide can be found here: BranchCache Deployment Guide ... continue reading

Certificate Validation on Windows XP with Entrust SSP Issued HSPD-12 Certificates

First published on TECHNET on Oct 22, 2009 On May 9th, 2009 Entrust Managed Services (provider of HSPD-12 certificates) performed a key update ceremony on the Entrust Managed Services Root and SSP certification authorities. HSPD-12 certificates issued after May 9th, ... continue reading

Server 2008 R2 ADCS Migration Guide Beta

First published on TECHNET on Dec 21, 2009 The beta version of the new 2008 R2 ADCS Migration Guide is now available at http://technet.microsoft.com/en-us/library/ee126140(WS.10).aspx . The guide describes the necessary steps for a successful migration of enterprise or standalone CAs ... continue reading

Windows CA Performance Numbers

First published on TECHNET on Jan 11, 2010 Below are some numbers we have measured when testing the Windows CA in our lab environment. Note that the numbers will change and depends on many factors (network topology, request types, other ... continue reading
CA manager approval required for certificate re-enrollment

CA manager approval required for certificate re-enrollment

First published on TECHNET on Mar 08, 2011 Hi there, this is Larry, Developer from US, and Fabian, PFE from Germany, writing about an uncommon scenario that might raise questions sometimes. When enrolling certificates to clients or users, you might ... continue reading
Constraints: what they are and how they’re used

Constraints: what they are and how they’re used

First published on TECHNET on Mar 05, 2014Hey everyone this is Wes Hammond from Premier Field Engineering and I wanted to share with you some info that I have gathered about setting up constraints. Constraints are used to restrict certificate ... continue reading

Request File Can’t be Located during CA Certificate Renewal

First published on TECHNET on May 29, 2012 During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article , I discovered that the Request file generated couldn’t be located in the ... continue reading

AD CS Content Updates

First published on TECHNET on Aug 03, 2011 The following documentation updates have been recently made: AD CS: Deploying Cross-forest Certificate Enrollment - updated with a link to the download center version of the document Additional documents added to the ... continue reading

Important Security Update for Windows Server: Active Directory Certificate Services Web Enrollment!

First published on TECHNET on Jun 14, 2011 An important security update, described in MS11-051 ( http://go.microsoft.com/fwlink/?LinkId=217101 ) was released today. The update fixes a cross-site scripting vulnerability in the sample web enrollment ASP pages that are part of Active ... continue reading

Implementing LDAPS (LDAP over SSL)

First published on TECHNET on Jun 02, 2011 LDAP over SSL (LDAPS) is becoming an increasingly hot topic - perhaps it is because Event Viewer ID 1220 is catching people's attention in the Directory Service Log or just that people ... continue reading
Verifying The SSL Certificate Expiration with a tool

Verifying The SSL Certificate Expiration with a tool

First published on TECHNET on Feb 21, 2011 An active member of our community developed a very handy tool to verify - or let's actually say monitor - the validity of SSL server certificates. After downloading and extracting the the ... continue reading

Common Questions about SHA2 and Windows

First published on TECHNET on Feb 08, 2011 Since my last post about SHA2 and Windows I’ve received numerous questions from customers and partners around three particular scenarios. This post will try to address those questions. Windows XP/2003 Enrollment in ... continue reading

SHA2 and Windows

First published on TECHNET on Sep 30, 2010 UPDATE (2/8): Based on some recent questions, additional information has been posted about SHA2 and Windows. We’ve recently received a couple of requests from customers around the functionality of SHA-256 when running ... continue reading

Active Directory Certificate Services Monitoring Management Pack

First published on TECHNET on Aug 16, 2010 A new version of the Certificate Services Monitoring Management Pack became available. Get more information from the Management Pack Catalog or the Microsoft Download Center ... continue reading

Microsoft Certificate Server virtualization policy

First published on TECHNET on Aug 09, 2010 If you are unsure regarding the Microsoft Certificate server virtualization policy, just see the Microsoft Virtual Server support policy knowledgebase article at http://support.microsoft.com/kb/897613 . It is worth to mention that a hardware ... continue reading

Backing up Windows Server 2008 ADCS CA Keys

First published on TECHNET on Aug 06, 2010 [EDIT 2/20/2012] This problem has recently been resovled in a hotfix update. S ystem state backup does not include CA private keys in Windows Server 2008 or in Windows Server 2008 R2 ... continue reading

Firewall Rules for Active Directory Certificate Services

First published on TECHNET on Jun 25, 2010 Below is a list of ports that need to be opened on Active Directory Certificate Services servers to enable HTTP and DCOM based enrollment The information was developed by Microsoft Consultant Services ... continue reading

Design Considerations before Building a Two Tier PKI Infrastructure

First published on TECHNET on Jun 19, 2010 Environmental Dependencies: 1- Determine if the Active Directory Forest has Windows 2000 Domain Controllers. This is important because of modifications to the CertPublishers group scope, and permissions related to the AdminSDHolder role ... continue reading

Certificate Path Validation in Bridge CA and Cross-Certification Environments

First published on TECHNET on May 12, 2010 Recently, we’ve had a deluge of questions regarding chain building and selection, especially in the presence of cross-certified certificates. Hopefully, this post will make Crypto API 2 (CAPI2) chaining logic clearer and ... continue reading
Powershell CRL Copy

Powershell CRL Copy

First published on TECHNET on May 12, 2010 This script writes a Certification Authority's Certificate Revocation List to HTTP based CRL Distribution Points via a UNC path. It checks to make sure that the copy was successful and that the ... continue reading

How to Request a Certificate With a Custom Subject Alternative Name

First published on TECHNET on Apr 22, 2010 Today many servers require some sort of SSL certificate to be deployed and in many cases custom names are involved. My colleague just published a document How to Request a Certificate With ... continue reading

Disaster Recovery Procedures for Active Directory Certificate Services (ADCS)

First published on TECHNET on Apr 20, 2010 When designing a public key infrastructure (PKI) for your organization, you must develop an effective disaster recovery plan to ensure that, in the event of failure of the computer hosting Certificate Services, ... continue reading

Windows Server 2008 R2 AD CS Migration Guide

First published on TECHNET on Mar 19, 2010 The official version of the new 2008 R2 ADCS Migration Guide is now available at http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspx . The guide describes the necessary steps for a successful migration of both enterprise and standalone ... continue reading

Whitepaper “HSPD-12 Logical Access Authentication and Active Directory Domains”

First published on TECHNET on Feb 10, 2010 This document explains the interdependencies between Active Directory Domain Services (AD DS) and Public Key Infrastructure (PKI) related to Homeland Security Presidential Directive 12 (HSPD-12) smart card logon. Topics concerning the Federal ... continue reading

Clustered Certification Authority maintenance tasks

First published on TECHNET on Jan 10, 2010 The colleagues from the AskDS blog posted a quite valuable article about Clustered CA maintenance tasks ... continue reading