Enrollment
Name Constraints Extension
The Name Constraints extension indicates to the relying party what namespaces are acceptable for the various hierarchical name forms such as DN, DNS names, URL, IP address, RFC 822 names, UPN, etc. The extension is only valid for a CA certificate. There are two components for this as defined in https://tools.ietf.org/html/rfc5280#section-4.2.1.10 as: Permitted Subtree(s): This…
Read MoreAnnouncing the Online PKI Assessmental Portal
I am extremely proud to announce that today we have launched our Online PKI Assessment Portal. This new service is the first of its kind to offer online, automated, self-paced review and assessments of Microsoft ADCS based PKIs. We have been performing onsite PKI Assessments for customers for years now. Typically focused on the design,…
Read MoreYou cannot download CA certificate from web enrollment pages
As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. When you try to download CA certificate from web enrollment pages you get a prompt message with unreadable proposed file name: Do you want to save certnew_cer?ReqID=CACert&Renewal=1&Enc=bin (1,09 KB) from <ServerName> And when you press…
Read MoreWeb server certificate enrollment with SAN extension
As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Many of windows administrators requires to setup SSL on their web servers and mostly they wish to use certificates with the Subject Alternative Name extension that allows to map a single certificate to a multiple…
Read MoreNew Online PKI Training Courses Are a Deep Dive into Public Key Infrastructure: Critical for IT Security, IoT, 5G, and SHAKEN/STIR
Why Public Key Infrastructure (PKI)? A PKI is the core of IT for enterprises, supporting network authentication, data encryption, code signing and secure email. In addition, in the next two years, 42 percent of Internet of Things (IoT) devices such as temperature sensors, televisions, and smart vehicles will rely primarily on digital certificates for identification…
Read More