The PKI Blog

ADCS certificate serial number generation algorithms – a comprehensive guide

By Vadims Podāns | Nov 4, 2020

Hello S-1-1-0, @Crypt32 is again on a failboatboard with new blog post. Today I will share information about a little-known portion in configuration of Microsoft ADCS Certification Authority – serial number generation algorithm. This article assumes big-endian encoding Certificate serial number requirements Every X.509 conforming CA generates a unique serial number for each issued certificate,…

Read More

ADCS Certification Authority Database query numbers

By Vadims Podāns | Oct 21, 2020

Hello everyone, I’m back again and today I want to share some thoughts on retrieving massive results from ADCS Certification Authority database. Point of interest As a part of my ongoing project I had to collect database statistics (simply, number of revoked, issued, pending, failed, denied requests) and my concern was query performance on relatively…

Read More

OCSP Magic Number

By Naheed Jivani | Sep 24, 2020

The magic number is a value that states when CRLs will be processed over OCSP, specifically it is when the total number of cached OCSP responses from a single OCSP responder URL on behalf of a single certificate authority will stop performing OCSP and start processing CRLs. This will occur if the number of cached…

Read More

Announcing Free PKI Assessments

By ThePKIGuy | Sep 2, 2020

Today we are announcing a new feature for our Online PKI Assessment portal. Our portal offers the world’s first, on-demand, self-paced assessment of Microsoft ADCS based PKIs. Utilizing our proprietary automated data collection tools, you can quickly scan and collect configuration details from your PKI and receive an assessment online – all at your convenience…

Read More

PowerShell PKI (PSPKI) 3.7 enhancements – Certification Authority API (part 1)

By Vadims Podāns | Aug 20, 2020

Hello S-1-1-0, here is another blog post in the PSPKI v3.7 enhancement blog series. Today I will talk about another interesting work done in PSPKI. Intro In one of my previous posts, I’ve outlined a very general roadmap for PKI library and the move towards the .NET Core. There are several obstacles for the move…

Read More

PowerShell PKI (PSPKI) 3.7 enhancements – security descriptors

By Vadims Podāns | Aug 17, 2020

Today I’m starting a series of blog posts where I will explore new features we have added to PowerShell PKI module, version 3.7. First post is dedicated to security descriptors. Major changes in PSPKI Within PSPKI module, we had an ability to manage security descriptors (access control lists) for Certification Authority can certificate template objects.…

Read More

Win a Free Online PKI Assessment

By ThePKIGuy | Aug 16, 2020

PKI Solutions is excited to announce that we are giving away a complimentary Online PKI Assessment to two winners!  It’s our way of sharing our great new tool that is revolutionizing the way organizations assess and remediate their PKI. All on-demand by leveraging our automated process. When was the last time you performed a health…

Read More

PowerShell PKI (PSPKI) 3.7 enhancements – OCSP Revocation Configuration Management

By Vadims Podāns | Aug 14, 2020

Hello everyone, today is a second post in OCSP server management in Windows PowerShell. First blog post in the series was about OCSP server management. Today, I will discuss about Online Responder revocation configuration management using Windows PowerShell. Intro Every single Microsoft Online Responder is capable to provide certificate status for multiple different certification authorities.…

Read More

PowerShell PKI (PSPKI) 3.7 enhancements – OCSP Server Management

By Vadims Podāns | Aug 6, 2020

Today I’m starting a series of blog posts where I will explore new features we have added to PowerShell PKI module, version 3.7. First post is dedicated to Online Responders. The biggest part of this release is Microsoft OCSP Server, or Online Responder management feature. In this post, I will show general Online Responder server…

Read More