PowerShell PKI Module (PSPKI) v3.5 New Year Edition

Time-Stamp Protocol client As a part of improved support of PKCS#7 messages, we added a .NET-compatible RFC 3161 Time-Stamp Protocol implementation. There are two common use cases for this protocol: Provide a current date and time for devices that don’t have built-in clocks; Certify that particular data existed at certain time point Second aspect is […]

Request extension processing in Active Directory Certification Authority

Hello S-1-1-0, Crypt32 is on air! Today I want to explain how ADCS Certification Authority processes extensions from incoming requests and certificate templates. Every X.509 V3 certificate contains certificate extensions to include extra information about certificate owner, issuer, intended usages, limitations/constraints. CA utilize multiple sources to generate extension list to be included in signed certificate, […]

Register TLS certificate with Remote Desktop Service using PowerShell

Hello everyone! This is a quick blog post that provides information on how to register TLS certificate with Remote Desktop Services (RDS). Starting with Windows Server 2008 R2 it became extremely easy to deploy RDS certificates to AD hosts from private CA using group policies and Microsoft CA. Since then RDS over TLS should be […]

PowerShell File Checksum Integrity Verifier (PsFCIV)

Today I’m glad to announce a PowerShell File Checksum Integrity Verifier (hereinafter PsFCIV) availability as a standalone package. Years ago a friend of mine asked to develop a PowerShell script that would replace a now-discontinued Microsoft File Checksum Integrity Verifier (FCIV) tool that is an essential utility to check integrity of large file shares. While […]

PowerShell PKI (PSPKI) 3.7 enhancements – security descriptors

Today I’m starting a series of blog posts where I will explore new features we have added to PowerShell PKI module, version 3.7. First post is dedicated to security descriptors. Major changes in PSPKI Within PSPKI module, we had an ability to manage security descriptors (access control lists) for Certification Authority can certificate template objects. […]

PowerShell PKI (PSPKI) 3.7 enhancements – Certification Authority API (part 1)

Hello S-1-1-0, here is another blog post in the PSPKI v3.7 enhancement blog series. Today I will talk about another interesting work done in PSPKI. Intro In one of my previous posts, I’ve outlined a very general roadmap for PKI library and the move towards the .NET Core. There are several obstacles for the move […]

PowerShell PKI (PSPKI) 3.7 enhancements – OCSP Server Management

Today I’m starting a series of blog posts where I will explore new features we have added to PowerShell PKI module, version 3.7. First post is dedicated to Online Responders. The biggest part of this release is Microsoft OCSP Server, or Online Responder management feature. In this post, I will show general Online Responder server […]