Search this blog
-
Latest posts
Kategorimoln
Ettikettmoln
- 0x80070002
- 80072ee2
- 80070003
- 80248007
- AIP
- analyzer
- ATA
- ATA Center
- Azure
- Azure RMS
- Base-64
- Base64
- CA
- cache
- CAS
- CA Trust
- certificate
- Certificates
- certificate snap-in
- certutil
- Clean AD
- convert
- CRL
- crt
- delete
- Delta CRL
- disabling
- EMS
- Enterprise
- Error
- export
- fido2
- firewall
- format
- free
- Hyper-V
- information protection
- installation
- Intune
- LetsEncrypt
- Meltdown
- metadata cleanup
- Microsoft
- mmc
- NDES
- Password
- passwordless
- PKI
- port
- PowerShell
- problem
- RDP
- revocation
- Rights Management Services
- RMS
- rms analyzer rmsanalyzer
- Root CA
- RPC
- SAN
- SCEP
- sconfig
- shortcut
- smart cards
- Spectre
- SSL
- standalone
- static port
- Subject
- Troubleshooting
- Trust
- Trusted Root Certification Authorities
- Update
- Windows 10
- Windows Server 2016
- Windows Update
-
Category Archives: PKI
The consequence of not renewing ATA certificate in time
A customer who uses Microsoft Advanced Threat Analytics (ATA) recently had severe issues with their ATA implementation. At first, the portal started to behave strangely, not showing all information in alerts and some configuration settings were missing. After a restart … Continue reading
Get a free publicly trusted certificate using Let’s Encrypt, PowerShell and DNS
I have previously blogged about the free publicly trusted certificate solution Let’s Encrypt, see here. In this post, I will show how you can request a certificate with a PowerShell script and prove ownership of the domain name using DNS … Continue reading
Posted in CA, Certificates, LetsEncrypt, PKI, SAN, SSL
Tagged CA, certificate, LetsEncrypt, PKI, SAN, SSL
Leave a comment
Certificate related problems when using a web proxy server
I have several times encountered these issues, so it decided it was time to write a blog post about it. The situation You are using a proxy server for web communication. Direct communication to the Internet is blocked. The proxy … Continue reading
Posted in CA, Certificates, CRL, NDES, PKI, SCEP
Tagged CA, Microsoft, PKI, Troubleshooting
4 Comments
SSL Certificates and SAN – What domain names are valid?
An SSL certificate has a field called Subject. The Subject field contains the domain name that the certificate is valid for. Subject can only contain one domain name: The field Subject can have more information, like the screenshot below, but … Continue reading
Get a free publicly trusted SSL-certificate
This blog post will guide you through the steps of obtaining a publicly trusted SSL certificate with up to 5 domain names, at no cost. There are no hidden costs, ads or referrals involved. You do need to be able … Continue reading
Require SSL on NDES admin site via PowerShell
Best Practices from Microsoft when deploying Network Device Enrollment Service (available here) states: “Always set up the administrator site with SSL-only configuration. (Disable http access to this site.)” This is to protect the sensitive One Time Passwords that are transmitted … Continue reading
Quick access to the Certificate snap-ins
Are you also opening the local certificate snap-ins by first running mmc.exe and then adding the Certificate snap-ins manually? I’ve done that sooo many times that I’ve gotten pretty fast at it. A faster way is to type certmgr.msc for … Continue reading
What is the difference between the formats "DER encoded" and "Base64 encoded" when exporting a certificate?
I am often asked what the difference between the following certificate export options are: The first option exports the certifcate encoded in the format Distinguished Encoding Rules, which is a binary format. The second option exports the certificate encoded with … Continue reading
Posted in Certificates, PKI
Tagged Base-64, Base64, Certificates, certutil, convert, crt, export, format
6 Comments
Can disabling Delta CRL on a CA cause problems?
Imagine that you are using both Base CRL and Delta CRL, but you want to stop using Delta CRL and only use Base CRL going forward. Could this cause any problems in revocation checking if you do not carefully plan … Continue reading
Internet Explorer and revocation check failure
Internet Explorer normally warns you if the server you visit have any certificate issues. Some examples: The certificate has another Subject than the URL you used to access it: The certificate was issued by a CA that your computer do … Continue reading
Posted in CA, Certificates, CRL, PKI
1 Comment
Microsoft Security Solutions 