Skip to content

The PKI Blog

Deleting certificates from Windows Certificate Store programmatically (PowerShell and C#)

By Vadims Podāns | Oct 2, 2019

Yesterday I went through one thread on Reddit: New to PS and want to create a script to clear all personal certificates from a local machine and something was suspicious to me. Then I went further and asked google for similar question and examined first page:Delete certificate from Computer StoreRemoving a certificate from the local…

Read More

PowerShell PKI Module v3.4.2 and upcoming plans

By Vadims Podāns | Aug 26, 2019

I’m glad to announce that a new version of PowerShell PKI (PSPKI) module is released. It is available for installation from PowerShell Gallery: https://www.powershellgallery.com/packages/PSPKI/ PSPKI was in stable development for last year and most changes are bug fixes and usability improvements. Release notes for v3.4.2: https://www.pkisolutions.com/tools/release-notes-for-pspki-v342/. However, it doesn’t mean that the module is done…

Read More

Basic Constraints certificate extension

By Vadims Podāns | Aug 12, 2019

Hello everyone! Today I’m going to talk about X.509 Basic Constraints certificate extension. Basic Constraints is an X.509 Version 3 certificate extension and is used to identify the type of the certificate holder/subject. In the past (prior to version 3 X.509 certificates) it was impossible to identify who is the subject: CA certificate or end…

Read More

SHAKEN/STIR is Getting Real

By ThePKIGuy | Aug 5, 2019

The Federal Communications Commission (FCC) estimates robocalls will constitute more than half of all phone calls placed in the U.S. this year. In an effort to end to this, the FCC and major telecommunications companies including Comcast, AT&T, and T-Mobile have lined up behind a new standard called SHAKEN/STIR (Signature-based Handling of Asserted Information using…

Read More

Database log files are not truncated when you perform a full Certification Authority database backup

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. You have Windows Server 2008 R2 with installed Active Directory Certification Authority role. When you perform a full database backup by using either certutil.exe utility, or Certification Authority, the database log files are not truncated,…

Read More

You cannot download CA certificate from web enrollment pages

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. When you try to download CA certificate from web enrollment pages you get a prompt message with unreadable proposed file name: Do you want to save certnew_cer?ReqID=CACert&Renewal=1&Enc=bin (1,09 KB) from <ServerName> And when you press…

Read More

Web server certificate enrollment with SAN extension

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Many of windows administrators requires to setup SSL on their web servers and mostly they wish to use certificates with the Subject Alternative Name extension that allows to map a single certificate to a multiple…

Read More

The case of accidentally deleted user certificates

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Sometimes users accidentally delete their certificates from personal store. After that users are not able to perform certificate-based tasks, i.e. decrypt files or mail, sign data and authenticate. Some organizations implement Key Archival for certificate and private…

Read More

Understanding Active Directory Certificate Services containers in Active Directory

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Hello folks! Today I want to explain in details about Active Directory containers related to ADCS (Active Directory Certificate Services), their purposes and how they work. Intro All ADCS related containers are stored in configuration…

Read More
Scroll To Top