Posts by Vadims Podāns
Enabling Active Directory Certificate Services (ADCS) advanced audit
Hello S-1-1-0, here is another unscheduled blog post on enabling advanced audit in Microsoft CA. Today I went through another thread on Twitter which suggests how to enable advanced audit in Microsoft CA. Throughout the thread it was apparent that only a partial solution was provided. Windows CA auditing engines Microsoft CA implements a set of…
Crafting a dummy certificate with specific serial number in Microsoft ADCS
Today I went through a thread on Twitter with claims that there is no supported way to revoke a rogue certificate with a known serial number in Microsoft CA. TL;DR: skip to the next section. Long story short: the thread originally was focused on OCSP deterministic response support. The idea behind this is that by…
Register TLS certificate with Remote Desktop Service using PowerShell
Hello everyone! This is a quick blog post that provides information on how to register a TLS certificate with Remote Desktop Services (RDS). Starting with Windows Server 2008 R2 it became extremely easy to deploy RDS certificates to AD hosts from a private CA using group policies and Microsoft CA. Since then RDS over TLS should be…
Handling X509KeyStorageFlags in applications
Hello everyone! While participating on StackOverflow.com, I’m observing common in-app certificate handling misuses in .NET applications and I want to share some thoughts on this. Today I would like to speak about handling X509Certificate2 object creation inside the application code, common problems in handling private key material, potential issues and how to overcome them. Problem…
PowerShell File Checksum Integrity Verifier (PsFCIV)
Today I’m glad to announce the availability of PowerShell File Checksum Integrity Verifier (hereinafter PsFCIV) as a standalone package. Years ago a friend of mine asked me to develop a PowerShell script that would replace the now-discontinued Microsoft File Checksum Integrity Verifier (FCIV) tool, which is an essential utility to check the integrity of large file shares. While…