Clik here to view.
Creating offline certificate requests through the user-interface on Windows...
Windows Vista and Windows Server 2008 have a convenient user interface to create custom certificate requests. This is especially helpful since computer certificate enrollment through the web enrollment...
View ArticleClik here to view.
CA manager approval required for certificate re-enrollment
Hi there, this is Larry, Developer from US, and Fabian, PFE from Germany, writing about an uncommon scenario that might raise questions sometimes.When enrolling certificates to clients or users, you...
View ArticleClik here to view.
Request File Can’t be Located during CA Certificate Renewal
During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article, I discovered that the Request file generated couldn’t be located in the default...
View ArticleClik here to view.
Creating offline certificate requests through the user-interface on Windows...
Windows Vista and Windows Server 2008 have a convenient user interface to create custom certificate requests. This is especially helpful since computer certificate enrollment through the web enrollment...
View ArticleClik here to view.
CA manager approval required for certificate re-enrollment
Hi there, this is Larry, Developer from US, and Fabian, PFE from Germany, writing about an uncommon scenario that might raise questions sometimes.When enrolling certificates to clients or users, you...
View ArticleClik here to view.
Request File Can’t be Located during CA Certificate Renewal
During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article, I discovered that the Request file generated couldn’t be located in the default...
View Article[CrossPost] Microsoft PKI OCSP Responder Now JITC Certified and Lab Setup Guide
For those that missed the big news on the Ask Premier Field Engineering (PFE) Platforms blog, our OCSP responder is now JITC certified. This certification is important for customers looking to deploy...
View ArticleA novel method in IE11 for dealing with fraudulent digital certificates
Digital certificates are a key mechanism for establishing identity on the Internet. Trust in these certificates is a result of trusting the issuing entity – the Certification Authority (CA)....
View ArticleClik here to view.
Constraints: what they are and how they’re used
Hey everyone this is Wes Hammond from Premier Field Engineering and I wanted to share with you some info that I have gathered about setting up constraints. What are Constraints? Constraints are used to...
View ArticleClik here to view.
Windows Server 2012 R2/IIS8.5 – Automatic Rebind of Renewed Certificates
Hello All, This is Wes Hammond with Premier Field Engineering back with follow up to a previous blog about automatic renewal of web site certificates. The original blog can be found in the references...
View ArticleClik here to view.
Setting up TPM protected certificates using a Microsoft Certificate Authority...
Hey Everyone, This is Wes Hammond with Premier Field Engineering back to share what I have learned about protecting digital certificates using the Trusted Platform module in Windows desktops, laptops...
View ArticleClik here to view.
Setting up TPM protected certificates using a Microsoft Certificate Authority...
Hey Everyone, I am back with part 2 of this 3 part series on TPM protected certificates. The topics covered in this are related to Virtual Smart Cards, their benefits, and lastly their limitations. I...
View ArticleClik here to view.
Setting up TPM protected certificates using a Microsoft Certificate Authority...
Hey Everyone, I am back with the last part of this 3 of this series on TPM protected certificates. The last topic for this series is on Key Attestation. Recently I have had a few people ask me about...
View ArticleClik here to view.
Setting up NDES using a Group Managed Service Account (gMSA)
Setting up NDES using a Group Managed Service Account (gMSA) Hallo everybody, this is Andy and Dagmar from Austrian Premier Field Engineering (PFE) describing how to implement NDES using a gMSA...
View Article[CrossPost] Implementing SHA-2 in Active Directory Certificate Services
A fellow engineer at Microsoft, Roger Grimes, has published a great article on Implementing SHA-2 in ADCS. You can read it at the link below:...
View Article[CrossPost] SHA1 Deprecation Policy
Update: This page has been removed. For the most up to date information on the Microsoft SHA1 deprecation policy please see https://aka.ms/sha1
View ArticleHow to write an NDES policy module
Hi there! This is Tochi Ezebube with the Active Directory Certificate Services (ADCS) engineering team; I wanted to share some further details on how to write a custom policy module for the ADCS...
View Article[CrossPost ] HTTPS Inspection and your PKI
Hey Everyone, A little while back I posted this article to my own personal blog and it is getting some traction but it might get more here so I wanted to share it as these questions come up all the...
View ArticleClik here to view.
How will Certificate Transparency affect existing Active Directory...
Wes Hammond here from Premier Field Engineering. It has been a while since I posted anything, but I wanted to step back into the spotlight to talk a little bit about something a few customers have...
View ArticleSample Code: End-to-End Certificate Transparency requests on ADCS CA
Hello all, Tochi Ezebube here again from the Active Directory Certificate Services engineering team. Sometime back, we released support for the precertificate flow of Certificate Transparency v1 (RFC...
View Article