PKI Blog

Hidden Dangers: Certificate Subject Alternative Names (SANs)

Posted by Wayne Harris on Jan 7, 2016 2:47:31 PM

Few companies have the luxury of a dedicated full time professional PKI staff. More typical are those companies that assign this duty as an adjunct to someone with a separate primary function, such as AD engineering.  As such, I find that many PKI practitioners don’t have PKI proficiency as a primary skillset.  It’s easy to understand how a “just make it work” mentality can eventually creep into a PKI operational processes. Too often, operational efficiency easily trumps perceived security risks.

Read More

Topics: certificate, PKI, Certificate SAN

Authentication in an Ultra-Connected World: Internet of Things

Posted by Ted Shorter on Oct 1, 2015 6:05:00 AM

As PKI practitioners, we’ve been asked the question for years: “What’s the best way to get a digital certificate on _____?” What gets filled into the blank has expanded dramatically over time, however. Ten years ago, certificates landed primarily on what I’d describe as “traditional” IT infrastructure – servers, desktops, laptops, smart cards, RADIUS servers, or VPN concentrators. But since then, things have gotten much more interesting. Handheld scanners. Surgical robots. VOIP phones. Set-top boxes. Cable modems. Even heart monitors and IV pumps.

Read More

Topics: install certificates onto devices, digital certificates, cert, embedded systems, certificate, Microsoft Security Partner, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, Microsoft Public Key Infrastructure, Cisco Internet of Things, embedded certificates, embedded devices, Microsoft PKI, X.509 digital certificates, Internet of Things, IoT, Blog, Internet of Things (IoT), certificate install, BYOD, PKI Assurance

Securing Internet Enabled Consumer Devices (IoT)

Posted by CSS Technical Team on Mar 2, 2015 8:00:00 AM

The Internet of Things (IoT) or the Internet of Everything (IoE) is coming. Ok, so it's already here.  A snowball rolling down a slope gaining momentum and size, IoT is dominating trade show floors and executive agendas.  As the world smiles while dreaming of high availability cloud based "smart devices" we as security professionals shudder at the thought of privilege escalation and man in the middle attacks.  It's our job to ensure digital user identity, to secure the internet of things.

Read More

Topics: digital certificate, certificate, Internet of Things (IoT), Internet of Everything, consumer security

AD/CS Web Enrollment Delegation

Posted by Wayne Harris on Jun 11, 2014 5:46:29 AM

Have you ever had a problem installing the Active Directory Certificate Services Web Enrollment role feature on a server that is separate from the Certificate Authority?

Read More

Topics: digital certificate, microsoft ca, certificate, IT Security, Microsoft Security Partner, authentication, AD/CS, Public Key Infrastructure, Active Directory Certificate Services (ADCS), web enrollment, Active Directory Certificate Services, CA, AD/CS Web Enrollment Delegation, Blog, Microsoft Certificate Authority

Publicly Trusted versus Trustworthy SSL Certificates

Posted by Wayne Harris on Apr 11, 2014 10:52:23 AM

In the wake of the Heartbleed bug, many are faced with the daunting (and expensive) prospect of replacing the SSL certificates on those vulnerable systems. This is due to the possibility that the private keys of exposed SSL certificates may or may not have been compromised. In the end, since there is no way to know for sure if your private keys have been compromised, many are opting to replace the SSL certificates of the affected system(s).

Read More

Topics: SSL certificates, cert, certificate, IT Security, Microsoft Security Partner, Heartbleed, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, OpenSSL, Microsoft Public Key Infrastructure, Azure PKI, PKI, PKI as a Service (PKIaaS), heartbleed bug, SSL PKI, Blog

The Truth About PKI Managed Service Offerings

Posted by Chris Hickman on Jan 29, 2013 9:54:53 AM

Recently I was engaged with a customer who decided to source certificates from a service provider rather than build a PKI. In this case the customer was limited in resources and an evaluation of build vs. buy showed this to be the correct approach in the near term.

Read More

Topics: digital certificate, cert, Managed Service Offerings, certificate, IT Security, Microsoft Security Partner, Public Key Infrastructure, private key, certs, PKI, Blog, MSO, Got PKI?

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?