PKI Blog

Case Study: Azure Based PKI

Posted by CSS Technical Team on Jun 9, 2014 10:24:18 AM

A leader in the educational software market was developing a custom MDM solution enabling a Bring Your Own Device (BYOD) initiative for the classroom when their developers realized their need for an underlying security and Public Key Infrastructure (PKI). Purchasing individual certificates was out of the question, since their solution required very high certificate volume, and they were reluctant to roll out their own PKI, as reliability and high assurance were key requirements to meet their growing customer base. The customer engaged CSS after realizing that operating a full scale PKI was simply out of their wheelhouse.

Read More

Topics: Managed PKI, IT Security, Microsoft Security Partner, Public Key Infrastructure, Certificate Management System (CMS), PKIaaS, Azure PKI, PKI, PKI as a Service (PKIaaS), Public Key Infrastructure (PKI), Azure Based PKI, PKI as a Service, Blog, Got PKI?

The Truth About PKI Managed Service Offerings

Posted by Chris Hickman on Jan 29, 2013 9:54:53 AM

Recently I was engaged with a customer who decided to source certificates from a service provider rather than build a PKI. In this case the customer was limited in resources and an evaluation of build vs. buy showed this to be the correct approach in the near term.

Read More

Topics: digital certificate, cert, Managed Service Offerings, certificate, IT Security, Microsoft Security Partner, Public Key Infrastructure, private key, certs, PKI, Blog, MSO, Got PKI?

Writing Event Plugin Handlers for the Certificate Management System (CMS)

Posted by Gary Galehouse on Jul 25, 2012 5:15:44 AM

The Certificate Management System (CMS), formerly known as the Certificate Reporting Tool (CRT), as referenced below, provides reporting and notification capabilities to an existing Public Key Infrastructure (PKI). The reports and notifications are highly customizable for content, timing, and audience. In addition, custom ‘event plugin handlers’ can be created and registered to perform any desired functionality when predefined events occur. Two types of CRT events are exposed:

Read More

Topics: digital certificate, iPhone, IT Security, Microsoft Security Partner, digital pki, Certificate Reporting Tool, Public Key Infrastructure, Event Plugin Handlers, Microsoft Public Key Infrastructure, iPad, Microsoft PKI, iOS management certificates, mobile certificate, iOS, Blog, Plugin Handlers, Got PKI?

Security Vulnerability- The Use of the Simple Certificate Enrollment Protocol (SCEP) and Untrusted Devices

Posted by Ted Shorter on Jun 27, 2012 11:19:38 AM

It’s been in the works for quite some time, but we are finally able to publicly announce a problem that we’ve encountered, related to the use of the Simple Certificate Enrollment Protocol, or SCEP, in conjunction with mobile devices. We’ve been working for months behind the scenes with the folks at the United States Computer Emergency Readiness Team (US-CERT) and CERT/CC at Carnegie Mellon our customers, and a number of vendors as well, to help raise awareness of the issue. The CERT report can be found here, and we have a whitepaper and video overview on our website to provide more information.

It should be noted that not all MDM usage of SCEP is equally vulnerable. The scenarios that cause the most concern to us are those that involve the use of SCEP to issue authentication certificates to enterprise systems such as ActiveSync, WiFi, and VPN. In some cases it may be possible to use alternative configurations that reduce or eliminate these risks; in others, it may be more difficult. CSS is willing to help customers assess their specific usage of SCEP and PKI to determine their degree of exposure.

Read More

Topics: digital certificate, consumerization of IT, IT Security, Microsoft Security Partner, Mobile Device Management, bring your own device, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, mCMS, MDM, SCEP, Certificate Reporting Tool (CRT), PKI, certification and remediation, mobile certificate, Microsoft-centric infrastructure, Blog, Simple Certificate Enrollment Protocol, CERT Coordination Center, BYOD, ActiveSync, Got PKI?

Got PKI? CSS at RSA

Posted by CSS Marketing on Mar 15, 2012 6:39:29 AM

Certified Security Solutions sent a team to the 2012 RSA Security Conference in San Francisco where one of the underlying themes was mobile security. Located in the Microsoft Pavilion, team CSS boasted a 'Got PKI?' theme centered around PKI best practices and the power of digital certificates on mobile devices. Booth conversations included PKI as a service in addition to leveraging CSS' own software solution, the Certificate Management System (CMS) for digital certificate management and enrollment in a Microsoft PKI. Visitors to the booth were genuinely excited to see a mobile security solution from a company that "gets" PKI. CSS' CTO, Ted Shorter, and Director of Business Development, Uri Lichtenfeld, presented a theater session titled 'Do's and Don’ts of PKI and Certificate Management for Mobile Devices.' Check out the photos below:

Read More

Topics: digital certificate, Fulfillment and governance tools for IAM, consumerization of IT, apple, iPhone, digital pki, digital certificate management, Public Key Infrastructure, Certificate Management System (CMS), mCMS, certificate remediation, Microsoft Public Key Infrastructure, iPad, Certificate Reporting Tool (CRT), PKI, Microsoft PKI, iOS management certificates, Microsoft-centric infrastructure, iOS, Blog, expanded compliance and forensic issues, mobile certificates, BYOD, Got PKI?

Apple Products Becoming (Business) Mainstream

Posted by CSS Marketing on Feb 9, 2012 4:00:13 AM

The popularity of Apple’s iPads and iPhones among consumers are well documented, but recent findings from Forrester Research shows that these devices are gaining steam in the corporate world.

The “Consumerization of IT” or BYOD (Bring Your Own Device) has become a common occurrence among all departments, and not surprisingly, Apple is leading the way among what Forrester calls “information” workers — workers that use a computer for work an hour or more per day. And the more senior the individual, the more they are using Apple devices:

  • More than 1 out of 5 (21%) of 10,000 surveyed Information workers use one or more Apple device at work
  • The number of Apple BYOD-ers doubles to 2 out of 5 professionals (41%) for those with the title “Director of IT” or higher
Read More

Topics: digital certificate, Microsoft Active Directory AD, certificates, apple, iOS 5, iPhone, IT Security, Microsoft Security Partner, digital pki, Certificate Reporting Tool, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, mCMS, Microsoft Public Key Infrastructure, Active Directory Certificate Services, iPad, PKI, Microsoft PKI, iOS management certificates, Microsoft and Apple, iOS, Blog, Active Directory, mobile certificates, BYOD, AD, Got PKI?

Apple Cozying Up to Microsoft Partners? CSS' mCMS

Posted by CSS Marketing on Nov 18, 2011 7:19:57 AM

This week we’ve seen the latest chapter in the Microsoft/Apple love/hate relationship… and it would seem that love is conquering all… at least for the time being. As CRN reports, Apple is reaching out to Microsoft partners that can help integrate iPhones and iPads into enterprise environments.

We’re seeing a bit of a perfect storm for Apple and Microsoft to work together – at least in the mobile space – as more and more organizations are taking a look at moving to or allowing iPhones (and iPads). Combining the robust multi-faceted Microsoft Core Infrastructure platform and Apple’s trendy “must-have” market monopolizing devices, Apple and Microsoft are “on again,” albeit in the relatively limited smartphone and tablet arena.

Read More

Topics: digital certificate, iPad security, apple, iOS 5, iPhone, IT Security, consumerization, Microsoft Security Partner, Certificate Reporting Tool, Certificate Management System (CMS), Industry Trends, mCMS, Software Products, Microsoft Public Key Infrastructure, iPad, SCEP, mobile security, Microsoft, Microsoft PKI, CRT, iOS management certificates, mobile certificate, Microsoft and Apple, iOS, Blog, iPhone security, secure enrollment, BYOD, Got PKI?

About Time

Posted by CSS Technical Team on Oct 18, 2011 5:05:00 AM

In my previous blog, I talked about the necessity of a Time Stamping Authority (TSA) in regards to non-repudiation. In this blog we are going to have a closer look at time itself, talk about why accurate time is important, and how to achieve accurate time in your own organization.

Read More

Topics: Issuing CA, Certificate authority, IT Security, Microsoft Security Partner, Master Clock, Public Key Infrastructure, TSA, NTP, Microsoft Public Key Infrastructure, SNTP, Simple Network time Protocol, Microsoft PKI, Stratum-2, Stratum-1, Blog, Network time Protocol, Got PKI?, Time Stamping Authority

iOS 5, S/MIME, and Digital Certificate Management

Posted by Ted Shorter on Sep 15, 2011 9:50:12 AM

iOS 5, Apple’s new operating system for iPad, iPhone, and iPod Touch, will be released “soon” – Apple officially says “this Fall,” and many prognosticators are pointing to sometime in October. While the new release has hundreds of new features, the feature that’s of particular interest to digital identity practitioners such as CSS is one that’s received very little press to date:

S/MIME.

The current version of iOS4.x supports the use of digital certificates for authentication: to things like wireless networks, VPNs, and Microsoft ActiveSync . But starting with iOS 5, iPhone, iPad, and iPod Touch users will be able to send and receive digitally signed and encrypted email messages directly from their device.

Read More

Topics: digital certificate, consumerization of IT, apple, iOS 5, iPhone, IT Security, consumerization, Microsoft Security Partner, authentication, Certificate Reporting Tool, cert downtime, Certificate Management System (CMS), Industry Trends, mCMS, Software Products, Certificate revocation list, iPad, CRT, iOS management services, expired certs, mobile certificate, iOS, Blog, digital certificates expire, BYOD, expired digital certificates, Got PKI?

Time Stamping Authority

Posted by CSS Technical Team on Jun 2, 2011 5:00:11 AM

It is safe to say that everything has gone digital. In an age where people are farming virtual farms and tending to online fish tanks, why wouldn't the need for a "virtual signature" become apparent? When it comes to replacing your "John Hancock" with a time stamp, the risk of a security compromise becomes heightened. Luckily, there are protective security measures that can easily minimize risk.

Read More

Topics: Adobe Acrobat, Microsoft Security Partner, digital pki, Public Key Infrastructure, Microsoft Public Key Infrastructure, time stamp, Microsoft PKI, time stamped signature, Blog, Time Stamp Server, Time Stamp Protocol, Got PKI?, Time Stamping Authority

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?