Microsoft Security Advisory for ADCS exploit – ADV210003

PKI Solutions Logo

This morning we provided details to our existing support and co-management customers on a recent notice of vulnerability to certain Microsoft ADCS configurations. The exploit involves NTLM and leveraging some ADCS PKI components. Full details can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV210003. Summary In environments with NTLM authentication still enabled in Active Directory and when using ADCS…

Read More

You cannot download CA certificate from web enrollment pages

PKI Solutions Logo

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. When you try to download CA certificate from web enrollment pages you get a prompt message with unreadable proposed file name: Do you want to save certnew_cer?ReqID=CACert&Renewal=1&Enc=bin (1,09 KB) from <ServerName> And when you press…

Read More

Web server certificate enrollment with SAN extension

PKI Solutions Logo

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Many of windows administrators requires to setup SSL on their web servers and mostly they wish to use certificates with the Subject Alternative Name extension that allows to map a single certificate to a multiple…

Read More

Submitting Netscape SPKI (SPKAC) Cert Requests to ADCS

PKI Solutions Logo

Recently I was contacted on Twitter with a question about Microsoft’s support of Signed Public Key and Challenge (Netscape SPKI) for certificate enrollment requests. I have long taught in my classes that there are a number of formats supported by ADCS for certificate requests. So I consulted one of the tables I talk about in…

Read More

CertAccord – The Genesis of a Simple Enrollment Solution for Linux

PKI Solutions Logo

It comes as no surprise to anyone working with Microsoft products that the support and inclusion of operating systems other than Windows is often a second thought – if best. No where is this more prevalent than with Certificate Services – one of the most common questions during the design and deployment is “Well Mark,…

Read More