I am extremely proud to announce that today we have launched our Online PKI Assessment Portal. This new service is the first of its kind to offer online, automated, self-paced review and assessments of Microsoft ADCS based PKIs. We have been performing onsite PKI Assessments for customers for years now. Typically focused on the design,…

Read More

Quantum supremacy is looming…some year in the future. However, contrary to what you may have heard, the advent of quantum computing won’t spell the end to encryption as we know it. That is, if enterprises take the necessary steps to prepare for a post-quantum future. Enterprises must begin the process of assessing their current systems,…

Read More

A common theme has been arriving in my email box lately as well as many online forums. Consistently people are reporting error with certificates issued by their internal Microsoft ADCS based CAs. Problems range from Apple devices, Firefox, appliances and many other systems. When people examine their certificates they see that their certificates are SHA…

Read More

With a lot of focus on moving from SHA1 to SHA256, one question that I get a lot of is how to get certificates issued with SHA256. The short answer is that a CA signs everything is creates with a single hash signature algorithm. There is no mechanism that enables per-template based signature hash specification. So…

Read More

If you recall, last year Microsoft took a small step to increase the security of enterprises by following industry standards that weaker/shorter keylengths were no longer viable for production use. Microsoft did this with KB 2661254 which prevented Windows operating systems from validating certificates with key lengths shorter than 1024. Recently, Microsoft announced Security Advisory…

Read More