New Certutil Argument – DownloadOCSP and Details of Caching issue with -Verify

During the development of my new ADCS Advanced PKI Training Class, I was working on creating a process to demonstrate how to manipulate the OCSP caching behavior in Windows. If you aren’t already aware, Microsoft OCSP responders use the expiration date of the authoritative CRL used for their answers as the expiration date (Next Update […]

Handling X509KeyStorageFlags in applications

Hello everyone! While participating on StackOverflow.com, I’m observing common in-app certificate handling misuses in .NET applications and I want to share some thoughts on this. Today I would like to speak about handling X509Certificate2 object creation inside the application code, common problems in handling private key material, potential issues and how to overcome them. Problem […]

Microsoft KB Archive update, February 2020

Hello everyone! Today I want to provide some cool news from our Microsoft KB Archive service. UX changes After service launch, we received various feedback from users and I addressed most requested ones. Search bar everywhere Initially, there was only dedicated page with search box to search for articles. Now, search box is placed on a menu […]

PKI Revelations Episode 2: The Genesis of Project Moonshot

Editor’s Note: This is the second blog post in a series of posts from us that will focus on our PKI Revelations. How did Project Moonshot get started? Here’s the back story. The PKI Solutions team has been working side-by-side with you in the Public Key Infrastructure trenches for many years and we’ve seen how […]

Field Report – PKI Spotlight Changes Everything

It’s been nearly 20+ years that I have been focused on PKI and working with customers around the world. In that time, new versions of Windows Server OS have brought various levels of new features, though not much lately. In all of that time, there has rarely, if ever been a moment that has been […]

PKI Glossary of Terms

Over the course of Public Key Infrastructure (PKI) design, implementation, and management, you will encounter many terms and acronyms that are defined in this document. The biggest part of the PKI implementation process is meeting with the stakeholders to ask and answer questions about where things are, how they work, what they struggle with today, […]

Microsoft January Patches and CVE-2020-0601

After two days of forewarning, Microsoft released its January 2020 collection of updates for “Patch Tuesday.” It had been leaked that there was a critical flaw in the crypt32.dll library that could represent a serious security flaw for the entire world. The crypt32.dll library provides the foundation for cryptographic operations in Windows and is often […]