Creating Highly Available CDP and AIA Locations with Azure, Part 4

Hello everyone, this is the fourth blog post in my “Creating Highly Available CDP and AIA Locations with Azure” series. Posts in this series: Part 1 Part 2 Part 3 Part 4 (this post) In this blog post, we will configure an on-premises environment to upload CA certificates and CRLs to a primary Azure storage […]

Creating Highly Available CDP and AIA Locations with Azure, Part 3

Hello everyone, this is the third entry in my “Creating highly available CDP and AIA locations with Azure” series. Posts in this series: Part 1 Part 2 Part 3 (this post) Part 4 Deploying Azure Front Door CDN Resource As we already discussed, Azure Front Door (AFD) is: A modern cloud Content Delivery Network (CDN) […]

Creating Highly Available CDP and AIA Locations with Azure, Part 2

Hello everyone, this is the second entry in my “Creating highly available CDP and AIA locations with Azure” series. Posts in this series: Part 1 Part 2 (this post) Part 3 Part 4 Start Environment In my previous post, I provided a setup configuration for us to start from: Fig.1 – Initial Setup We have […]

Creating Highly Available CDP and AIA Locations with Azure, Part 1

Hello everyone, this is the first blog post in the “Creating Highly Available CDP and AIA Locations with Azure” series. Posts in this series: Part 1 (this post) Part 2 Part 3 Part 4 Foreword With the fast TLS expansion over the last decade, PKIs and their administrators face new challenges in order to provide […]

Reminder: LDAP signing requirements in March 2020

In August 2018, Microsoft issued a security advisory ADV190023 Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing about unsigned LDAP communication blocking in Active Directory starting with March 2020. A quick poll identified that not all customers are aware about upcoming changes or have prepared to them. What is LDAP Binding? LDAP binding is a […]

PowerShell PKI Module v3.4.2 and upcoming plans

I’m glad to announce that a new version of PowerShell PKI (PSPKI) module is released. It is available for installation from PowerShell Gallery: https://www.powershellgallery.com/packages/PSPKI/ PSPKI was in stable development for last year and most changes are bug fixes and usability improvements. Release notes for v3.4.2: https://dev-pki-solutions-old.pantheonsite.io//tools/release-notes-for-pspki-v342/. However, it doesn’t mean that the module is done or dead. […]

AzureSignTool incorrectly identifies unsigned files as signed

Some time ago a fellow I’m following on a Twitter, Marc-André Moreau posted an interesting tweet: Okay, this is the weirdest thing: we call AzureSignTool with ‘-s’ to skip signing already signed files, and it… incorrectly thinks one of our native DLLs is already code signed when it is not… for *both* x64 and arm64. […]

Understanding Active Directory Certificate Services Containers in Active Directory

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Hello folks! Today I want to explain in details about Active Directory containers related to ADCS (Active Directory Certificate Services), their purposes and how they work. Intro All ADCS related containers are stored in configuration […]