New Certutil Argument – DownloadOCSP and Details of Caching issue with -Verify
During the development of my new ADCS Advanced PKI Training Class, I was working on creating a process to demonstrate how to manipulate the OCSP caching behavior in Windows. If you aren’t already aware, Microsoft OCSP responders use the expiration date of the authoritative CRL used for their answers as the expiration date (Next Update […]
Handling X509KeyStorageFlags in applications
Hello everyone! While participating on StackOverflow.com, I’m observing common in-app certificate handling misuses in .NET applications and I want to share some thoughts on this. Today I would like to speak about handling X509Certificate2 object creation inside the application code, common problems in handling private key material, potential issues and how to overcome them. Problem […]
Microsoft KB Archive update, February 2020
Hello everyone! Today I want to provide some cool news from our Microsoft KB Archive service. UX changes After service launch, we received various feedback from users and I addressed most requested ones. Search bar everywhere Initially, there was only dedicated page with search box to search for articles. Now, search box is placed on a menu […]
PKI Revelations Episode 2: The Genesis of Project Moonshot
Editor’s Note: This is the second blog post in a series of posts from us that will focus on our PKI Revelations. How did Project Moonshot get started? Here’s the back story. The PKI Solutions team has been working side-by-side with you in the Public Key Infrastructure trenches for many years and we’ve seen how […]
Field Report – PKI Spotlight Changes Everything
It’s been nearly 20+ years that I have been focused on PKI and working with customers around the world. In that time, new versions of Windows Server OS have brought various levels of new features, though not much lately. In all of that time, there has rarely, if ever been a moment that has been […]
PKI Glossary of Terms
Over the course of Public Key Infrastructure (PKI) design, implementation, and management, you will encounter many terms and acronyms that are defined in this document. The biggest part of the PKI implementation process is meeting with the stakeholders to ask and answer questions about where things are, how they work, what they struggle with today, […]
Microsoft January Patches and CVE-2020-0601
After two days of forewarning, Microsoft released its January 2020 collection of updates for “Patch Tuesday.” It had been leaked that there was a critical flaw in the crypt32.dll library that could represent a serious security flaw for the entire world. The crypt32.dll library provides the foundation for cryptographic operations in Windows and is often […]
Database log files are not truncated when you perform a full Certification Authority database backup
As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. April 1, 2020 – The issue described here is applicable to Windows Server 2016 and older. Windows Server 2019 has changed the behavior of log truncation – when a backup is performed, all unused logs […]