Request extension processing in Active Directory Certification Authority

Vadims Podans PKI Developer

Hello S-1-1-0, Crypt32 is on air! Today I want to explain how ADCS Certification Authority processes extensions from incoming requests and certificate templates. Every X.509 V3 certificate contains certificate extensions to include extra information about certificate owner, issuer, intended usages, limitations/constraints. CA utilize multiple sources to generate extension list to be included in signed certificate,…

Read More

ADCS certificate serial number generation algorithms – a comprehensive guide

Vadims Podans PKI Developer

Hello S-1-1-0, @Crypt32 is again on a failboatboard with new blog post. Today I will share information about a little-known portion in configuration of Microsoft ADCS Certification Authority – serial number generation algorithm. This article assumes big-endian encoding Certificate serial number requirements Every X.509 conforming CA generates a unique serial number for each issued certificate,…

Read More

ADCS Certification Authority Database query numbers

Vadims Podans PKI Developer

Hello everyone, I’m back again and today I want to share some thoughts on retrieving massive results from ADCS Certification Authority database. Point of interest As a part of my ongoing project I had to collect database statistics (simply, number of revoked, issued, pending, failed, denied requests) and my concern was query performance on relatively…

Read More

PowerShell PKI (PSPKI) 3.7 enhancements – security descriptors

Vadims Podans PKI Developer

Today I’m starting a series of blog posts where I will explore new features we have added to PowerShell PKI module, version 3.7. First post is dedicated to security descriptors. Major changes in PSPKI Within PSPKI module, we had an ability to manage security descriptors (access control lists) for Certification Authority can certificate template objects.…

Read More