PKI Blog

AD/CS Web Enrollment Delegation

Posted by Wayne Harris on Jun 11, 2014 5:46:29 AM

Have you ever had a problem installing the Active Directory Certificate Services Web Enrollment role feature on a server that is separate from the Certificate Authority?

Read More

Topics: digital certificate, microsoft ca, certificate, IT Security, Microsoft Security Partner, authentication, AD/CS, Public Key Infrastructure, Active Directory Certificate Services (ADCS), web enrollment, Active Directory Certificate Services, CA, AD/CS Web Enrollment Delegation, Blog, Microsoft Certificate Authority

Five Common “DIY PKI” Mistakes to Avoid

Posted by Ted Shorter on Apr 4, 2014 3:20:46 AM

In the 12+ years that CSS has been helping organizations deploy Public Key Infrastructures, we frequently run into situations where PKI components are already present in the environment. Often it’s an older PKI that someone new to the organization has inherited and wants help evaluating; sometimes it’s a “temporary” deployment that an organization is looking to improve upon. In others, it may simply be a PKI design that a customer wants us to review and provide feedback before deployment. In any case, these “Do-It-Yourself” installations, like any PKI, can create problems, headaches, and occasionally even more serious issues if mistakes are made during the design, deployment, or operation of the PKI. And while it’s often quite easy to deploy PKI components, PKI does tend to be one of those technologies where you have exactly one chance to get it right: at install time. After that, many parameters are more or less set in stone, and a re-deployment becomes the only way to fix a mistake.

With that in mind, this is in no way an all-inclusive list, but here are five of the most common mistakes we see when encountering “DIY” PKI:

Read More

Topics: digital certificate, microsoft ca, IT Security, Microsoft Security Partner, PKI error, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Azure PKI, PKI, PKI as a Service (PKIaaS), CA, PKI deployment, PKI mistakes, Blog, PKI CA, DIY PKI, PKI installation

The NDES CA Thumbprint Hash

Posted by CSS Technical Team on Feb 21, 2012 6:00:32 AM

Recently, while working on a Microsoft Network Device Enrollment Services (NDES) deployment, a client asked a simple-enough question about the thumbprint for the Certificate Authority (CA) certificate that was displayed on the NDES admin enrollment GUI, “What is that hash? And why doesn’t it match any of the CA certificate thumbprint hashes in my chain-of-authority?”

Read More

Topics: digital certificate, microsoft ca, IT Security, Microsoft Security Partner, NDES, Public Key Infrastructure, Certificate Management System (CMS), Infrastructure Management, mCMS, SCEP, Microsoft Checksum Integrity Verifier, MD5 hash, Blog, FCIV, SHA-1, Simple Certificate Enrollment Protocol, Microsoft Network Device Enrollment Services (NDES, Microsoft Certificate Authority

Digital Certificate Reporting Tool in the News

Posted by CSS Marketing on May 31, 2011 10:36:33 AM

Read More

Topics: digital certificate, microsoft ca, IT Security, Microsoft Security Partner, digital pki, fulfill, Certificate Reporting Tool, Certificate Management System (CMS), Microsoft Public Key Infrastructure, Certificate Reporting Tool (CRT), Microsoft PKI, CRT, News, Microsoft-centric infrastructure, expired certificates, expanded compliance and forensic issues, Got PKI?

Posts by Topic

see all

Want to Learn more about CSS?