Windows PKI blog
News and information for public key infrastructure (PKI) and Active Directory Certificate Services (AD CS) professionals
Hello all, Tochi Ezebube here again from the Active Directory Certificate Services engineering team....
Date: 12/12/2018
How will Certificate Transparency affect existing Active Directory Certificate Services environments?
Wes Hammond here from Premier Field Engineering. It has been a while since I posted anything, but I...
Date: 03/12/2018
Hey Everyone, A little while back I posted this article to my own personal blog and it is getting...
Date: 02/24/2017
Hi there! This is Tochi Ezebube with the Active Directory Certificate Services (ADCS) engineering...
Date: 11/30/2016
Update: This page has been removed. For the most up to date information on the Microsoft SHA1...
Date: 10/19/2015
A fellow engineer at Microsoft, Roger Grimes, has published a great article on Implementing SHA-2 in...
Date: 07/24/2015
Setting up NDES using a Group Managed Service Account (gMSA) Hallo everybody, this is Andy and...
Date: 04/26/2015
Setting up TPM protected certificates using a Microsoft Certificate Authority - Part 3: Key Attestation
Hey Everyone, I am back with the last part of this 3 of this series on TPM protected certificates....
Date: 09/08/2014
Setting up TPM protected certificates using a Microsoft Certificate Authority - Part 2: Virtual Smart Cards
Hey Everyone, I am back with part 2 of this 3 part series on TPM protected certificates. The topics...
Date: 07/15/2014
Setting up TPM protected certificates using a Microsoft Certificate Authority - Part 1: Microsoft Platform Crypto Provider
Hey Everyone, This is Wes Hammond with Premier Field Engineering back to share what I have learned...
Date: 06/05/2014
Hello All, This is Wes Hammond with Premier Field Engineering back with follow up to a previous blog...
Date: 04/28/2014
Hey everyone this is Wes Hammond from Premier Field Engineering and I wanted to share with you some...
Date: 03/05/2014
Digital certificates are a key mechanism for establishing identity on the Internet. Trust in these...
Date: 02/21/2014
For those that missed the big news on the Ask Premier Field Engineering (PFE) Platforms blog, our...
Date: 01/08/2014
A common question in the field is about upgrading a certification authority running on Windows...
Date: 09/19/2013
Working with Internet Information Services (IIS) certificates can be a bit challenging especially...
Date: 08/27/2013
Paul Fox has uploaded a revision of his former Windows PowerShell CRL Copy script. The new script is...
Date: 05/08/2013
Tonight I spent a couple of hours reorganizing the PKI Documentation and Reference Library. I also...
Date: 03/22/2013
Windows Server 2012 System State Backup allows an administrator to back-up several Operating System...
Date: 03/21/2013
I have consolidated and updated two command line utilities recently: Certreq Certutil I took all the...
Date: 03/08/2013
It is very common to check the configuration of any certification authority using certutil...
Date: 12/27/2012
Many customers must perform a regulatory audit annually to comply with industry standards and...
Date: 12/20/2012
Hi there, I am a test engineer in the Windows team working on certificate enrollment related areas....
Date: 12/10/2012
A new feature is available in Windows Server 2012 and Windows 8 that allows you to protect exported...
Date: 10/08/2012
Microsoft released a security advisory, KB article, and software update for all supported versions...
Date: 08/14/2012
On August 14, 2012, Microsoft will issue a critical non-security update (KB 2661254) for Windows XP,...
Date: 07/13/2012
Fabian Müller, Premier Field Engineer (PFE) in Germany, just wrote a detailed article...
Date: 06/18/2012
Public key based cryptographic algorithms strength is determined based on the time taken to derive...
Date: 06/11/2012
There are a number of known untrusted certificates and compromised keys that have been issued by...
Date: 06/11/2012
During my work with a customer renewing their Issuing CA’s certificate based on the steps...
Date: 05/29/2012
I was recently helping a customer deploy a SHA-256 based PKI. As part of the retirement of their old...
Date: 05/03/2012
Starting with Windows Vista and Windows Server 2008, the option to utilize Key Storage Providers...
Date: 04/27/2012
The Network Device Enrollment Service (NDES) whitepaper is now on the TechNet Wiki and I have...
Date: 04/18/2012
Amer Kamal recently posted two articles regarding the security and maintenance of offline CAs based...
Date: 03/18/2012
A follow-up document to the original HSPD-12 Logical Access Authentication and Active DIrectory...
Date: 03/14/2012
Connecting iPads to an Enterprise Wireless 802.1x Network Using Certificates and Network Device Enrollment Services (NDES)
Important notice: Microsoft does not support any apple products, if you need to troubleshoot any...
Date: 02/27/2012
Decommissioning an Old Certification Authority without affecting Previously Issued Certificates and then Switching Operations to a New One
Jonathan Stephens posted an excellent Blog about this topic; however, it didn’t include the...
Date: 01/27/2012
If a Key Recovery Agent (KRA) certificate is stored in a Cryptography Next Generation (CNG) Key...
Date: 01/23/2012
Microsoft MVP, Vadims Podans, has written and posted a Windows PowerShell script that can be used to...
Date: 12/08/2011
I am often asked when talking to my customers about the differences between Key Recovery and Data...
Date: 10/28/2011
How to decommission a Windows enterprise certification authority and how to remove all related objects
The Windows KB article 889250 titled "How to decommission a Windows enterprise certification...
Date: 10/07/2011
A common question from certification authority administrators is "Does Enterprise PKI (PKIView)...
Date: 10/07/2011
Ingolfur has written a blog post as well as a TechNet Wiki article describing how a Windows Server...
Date: 09/28/2011
If you are using Windows Developer Preview and have difficulty obtaining or downloading a...
Date: 09/14/2011
If you run into an issue where you are unable to download or save certificates using Internet...
Date: 08/18/2011
If you have commonly asked questions about certificate services or PKI that you think should be...
Date: 08/08/2011
The following documentation updates have been recently made: AD CS: Deploying Cross-forest...
Date: 08/03/2011
An important security update, described in MS11-051 (https://go.microsoft.com/fwlink/?LinkId=217101)...
Date: 06/14/2011
LDAP over SSL (LDAPS) is becoming an increasingly hot topic - perhaps it is because Event Viewer ID...
Date: 06/02/2011
Background On December 1, 2010 the Federal PKI Management Authority (FPKIMA), in compliance with...
Date: 03/13/2011