PKI
Just Released – Licensing Options for Our PKI Tools
I am pleased to announce that based on overwhelming demand, starting today we are now providing licensed and supported versions of our most popular PKI tools – PowerShell PKI Module, ASN.1 Editor, and the SSL Certificate Verifier. Available in single user or enterprise licenses and includes 12-months of support for the tool. The licensing model…
Read MoreRequest extension processing in Active Directory Certification Authority
Hello S-1-1-0, Crypt32 is on air! Today I want to explain how ADCS Certification Authority processes extensions from incoming requests and certificate templates. Every X.509 V3 certificate contains certificate extensions to include extra information about certificate owner, issuer, intended usages, limitations/constraints. CA utilize multiple sources to generate extension list to be included in signed certificate,…
Read MoreName Constraints Extension
The Name Constraints extension indicates to the relying party what namespaces are acceptable for the various hierarchical name forms such as DN, DNS names, URL, IP address, RFC 822 names, UPN, etc. The extension is only valid for a CA certificate. There are two components for this as defined in https://tools.ietf.org/html/rfc5280#section-4.2.1.10 as: Permitted Subtree(s): This…
Read MoreRPKI – The most important Internet security component you never heard of.
What do AWS, Radware, Nintendo, Google, and Facebook all have in common (other than being some of the smartest actors in internet commerce)? Over the past 18 months, they have all been impacted by outages traceable to the Border Gateway Protocol (BGP). The BGP was designed in 1994, literally on a napkin, to route data…
Read MoreADCS certificate serial number generation algorithms – a comprehensive guide
Hello S-1-1-0, @Crypt32 is again on a failboatboard with new blog post. Today I will share information about a little-known portion in configuration of Microsoft ADCS Certification Authority – serial number generation algorithm. This article assumes big-endian encoding Certificate serial number requirements Every X.509 conforming CA generates a unique serial number for each issued certificate,…
Read More