Category Archives: CA

Get a free publicly trusted certificate using Let’s Encrypt, PowerShell and DNS

Posted on 4 December, 2017 by Tom Aafloen

I have previously blogged about the free publicly trusted certificate solution Let’s Encrypt, see here. In this post, I will show how you can request a certificate with a PowerShell script and prove ownership of the domain name using DNS … Continue reading

Posted in CA, Certificates, LetsEncrypt, PKI, SAN, SSL | Tagged , , , , , | Leave a comment

Certificate related problems when using a web proxy server

Posted on 27 September, 2017 by Tom Aafloen

I have several times encountered these issues, so it decided it was time to write a blog post about it. The situation You are using a proxy server for web communication. Direct communication to the Internet is blocked. The proxy … Continue reading

Posted in CA, Certificates, CRL, NDES, PKI, SCEP | Tagged , , , | 4 Comments

Require SSL on NDES admin site via PowerShell

Posted on 1 February, 2016 by Tom Aafloen

Best Practices from Microsoft when deploying Network Device Enrollment Service (available here) states: “Always set up the administrator site with SSL-only configuration. (Disable http access to this site.)” This is to protect the sensitive One Time Passwords that are transmitted … Continue reading

Posted in CA, Certificates, NDES, PKI, SCEP | Tagged , , , | 6 Comments

Can disabling Delta CRL on a CA cause problems?

Posted on 4 February, 2014 by Tom Aafloen

Imagine that you are using both Base CRL and Delta CRL, but you want to stop using Delta CRL and only use Base CRL going forward. Could this cause any problems in revocation checking if you do not carefully plan … Continue reading

Posted in CA, CRL, PKI, smart card | Tagged , , , | 2 Comments

Internet Explorer and revocation check failure

Posted on 28 January, 2014 by Tom Aafloen

Internet Explorer normally warns you if the server you visit have any certificate issues. Some examples: The certificate has another Subject than the URL you used to access it: The certificate was issued by a CA that your computer do … Continue reading

Posted in CA, Certificates, CRL, PKI | 1 Comment

The option Enterprise unavailable during CA installation?

Posted on 15 January, 2014 by Tom Aafloen

When installing a Active Directory Certification Authority (or  CA server for short), the Setup Type option Enterprise might be greyed out: This is most likely because you are not running the installation with an account that local administrator on the … Continue reading

Posted in CA, PKI | Tagged , , , , | 4 Comments

Manually remove old CA references in Active Directory

Posted on 19 March, 2013 by Tom Aafloen

Summary When a CA server is uninstalled or crashes beyond recovery some objects are left in Active Directory. It’s good practice to remove these obsolete objects. Background When you install a version of Certificate Authority that is Active Directory-integrated (i.e. … Continue reading

Posted in CA, Certificates, PKI | Tagged , | 46 Comments