Configuration
Field Report – PKI Spotlight Rocked My World Again
This is another blog in the series about how PKI Spotlight is changing how customers realize improved operational efficiency, enhanced security, and better visibility of their PKI and HSM key management environments, and how it’s changing our world as PKI practitioners. All the names and specifics are redacted to protect the confidentiality of all involved…
Read MoreRequest extension processing in Active Directory Certification Authority
Hello S-1-1-0, Crypt32 is on air! Today I want to explain how ADCS Certification Authority processes extensions from incoming requests and certificate templates. Every X.509 V3 certificate contains certificate extensions to include extra information about certificate owner, issuer, intended usages, limitations/constraints. CA utilize multiple sources to generate extension list to be included in signed certificate,…
Read MoreName Constraints Extension
The Name Constraints extension indicates to the relying party what namespaces are acceptable for the various hierarchical name forms such as DN, DNS names, URL, IP address, RFC 822 names, UPN, etc. The extension is only valid for a CA certificate. There are two components for this as defined in https://tools.ietf.org/html/rfc5280#section-4.2.1.10 as: Permitted Subtree(s): This…
Read MoreOCSP Magic Number
The magic number is a value that states when CRLs will be processed over OCSP, specifically it is when the total number of cached OCSP responses from a single OCSP responder URL on behalf of a single certificate authority will stop performing OCSP and start processing CRLs. This will occur if the number of cached…
Read MoreAnnouncing Free PKI Assessments
Today we are announcing a new feature for our Online PKI Assessment portal. Our portal offers the world’s first, on-demand, self-paced assessment of Microsoft ADCS based PKIs. Utilizing our proprietary automated data collection tools, you can quickly scan and collect configuration details from your PKI and receive an assessment online – all at your convenience…
Read More