Certificate Templates

PKI Explained: Why It Is Necessary and Relevant Now More Than Ever

Unauthorized access, unsigned applications (malware) and unsecured email. What can help prevent these top 3 cyberthreats impacting organizations today? Public key infrastructure (PKI). Mark explains PKI and authentication in an article in ISACA’s The Nexus. I like his analogy describing PKI as “a virtual, encrypted handshake.” Check out the article.

Read More

Understanding Microsoft Cryptographic Service Providers

A common question I often get from customers and students is about Microsoft’s Cryptographic Service Providers (CSP). The CSPs are responsible for creating, storing and accessing cryptographic keys – the underpinnings of any certificate and PKI. These keys can be symmetric or asymmetric, RSA, Elliptical Key or a host of others such as DES, 3DES, and…

Read More

Help a SME Out – Don’t Guess at Template Settings

One of the areas we spend time on in the PKI In-Depth class is learning about Certificate Templates. There are a lot of tabs in the template manager and a lot of specific settings on those tabs. I can certainly understand the desire to click those pretty checkboxes, toggle radio buttons and get lost in…

Read More

RSASSA-PSS – Why Your Certificate Can’t Be Validated

A common theme has been arriving in my email box lately as well as many online forums. Consistently people are reporting error with certificates issued by their internal Microsoft ADCS based CAs. Problems range from Apple devices, Firefox, appliances and many other systems. When people examine their certificates they see that their certificates are SHA…

Read More

Certificate Template Request Hash – The Real Story

With a lot of focus on moving from SHA1 to SHA256, one question that I get a lot of is how to get certificates issued with SHA256. The short answer is that a CA signs everything is creates with a single hash signature algorithm. There is no mechanism that enables per-template based signature hash specification. So…

Read More