Posts by Vadims Podāns
Book review – “Pro Active Directory Certificate Services” by Lawrence E. Hughes
Disclaimer: This review contains my personal opinion about the book and does not necessary reflect the company’s or other people opinion. Hello everyone, today I have a little-bit unusual blog post, which is a book review. As you may know, my primary interest area is Microsoft Active Directory Certificate Services (ADCS) and it there are…
Read MoreCertificate renewal request is placed in pending state when Valid Existing Certificate is selected in certificate template
Hello S-1-1-0, here is a new blog post in a long time. Today I want to talk about the issue when “Valid existing certificate” does not bypass CA Manager approval and/or enrollment agent requirement during certificate renewal in Microsoft CA. In certificate template settings, Issuance Requirements we can configure additional requirements for enrollment and re-enrollment…
Read MoreEnabling Active Directory Certificate Services (ADCS) advanced audit
Hello S-1-1-0, here is another unscheduled blog post on enabling advanced audit in Microsoft CA. Today I went through another thread on Twitter which suggests how to enable advanced audit in Microsoft CA. Throughout the thread it was apparent that only partial solution was provided. Windows CA auditing engines Microsoft CA implements a set of…
Read MoreCrafting a dummy certificate with specific serial number in Microsoft ADCS
Today I went through a thread on Twitter with claims that there is no supported way to revoke a rogue certificate with known serial number in Microsoft CA. TL;DR skip to next section The long story short: the thread originally was focused on an OCSP deterministic response support. The idea behind this is that by…
Read MoreRegister TLS certificate with Remote Desktop Service using PowerShell
Hello everyone! This is a quick blog post that provides information on how to register TLS certificate with Remote Desktop Services (RDS). Starting with Windows Server 2008 R2 it became extremely easy to deploy RDS certificates to AD hosts from private CA using group policies and Microsoft CA. Since then RDS over TLS should be…
Read More