The PKI Blog

PKI Solutions Live Q&A

By Kelly Stremel | Apr 3, 2020

If you joined our PKI Solutions Office Hours – our live Q&A – held on April 2, 2020 with Mark Cooper, Vadims Podāns, and Jacob Grandlienard, you were part of a lively PKI discussion. With questions around setting up permissions in ADCS, the pros and cons of where CDPs are located, and configuring NDES, this…

Read More

ADCS Database Log Truncation Change in Server 2019

By ThePKIGuy | Apr 1, 2020

In our past blogs on the subject of Windows Server ADCS backups, we have touched on the issue of jet database logs not being truncated and deleted in some scenarios. https://www.pkisolutions.com/adcsbackups/ https://www.pkisolutions.com/database-log-files-are-not-truncated-when-you-perform-a-full-certification-authority-database-backup/ Specifically, if backups are performed via snapshot or non-VSS based backups and secondly, if any logs are still held open by the jet…

Read More

PKI Solutions Webinar Series

By Kelly Stremel | Mar 24, 2020

Join us for our PKI Solutions webinar series, kicking off March 26, 2020. This will be a year of talking quantum preparedness, validating SSL certificates, multi-cloud key management, ways to improve the security of your PKI, and more. Mark Cooper, aka The PKI Guy, will present and host the webinars. Learn PKI best practices and…

Read More

Creating RDP Certificates

By Jake Grandlienard | Mar 5, 2020

In a previous blog on Object Identifiers (OID) in PKI, I mentioned creating a certificate template for Remote Desktop Connection (RDP).  In this blog, I will show how to create the template, why the OID and extensions are important, and how to implement it and remove self-signed certificate warnings from RDP connections.  Important Note Prior…

Read More

Accessing and using certificate private keys in .NET Framework/.NET Core

By Vadims Podāns | Feb 24, 2020

This blog post is about programming and its purpose is to have a link to direct developers for explanation. Inspired from this list: Casting private key to RSACryptoServiceProvider not working Best way to initiate RSACryptoServiceProvider from x509Certificate2? Unable to cast object of type ‘RSACng’ to type ‘System.Security.Cryptography.RSACryptoServiceProvider’ RSACryptoServiceProvider not working in .net core Getting RSA…

Read More

Microsoft KB Archive update, February 2020

By Vadims Podāns | Feb 18, 2020

Hello everyone! Today I want to provide some cool news from our Microsoft KB Archive service. UX changes After service launch, we received various feedback from users and I addressed most requested ones. Search bar everywhere Initially, there was only dedicated page with search box to search for articles. Now, search box is placed on…

Read More

The PKI Guy’s Next Crypto Adventure…

By Kelly Stremel | Feb 12, 2020

Gearing up for RSAC 2020 It’s almost time to embark on a crypto adventure to San Francisco, to the world’s leading information security conference and join the thousands of other security experts at RSA Conference, taking place February 24-28, 2020. Mark Cooper, aka The PKI Guy, will be there in full force, talking about quantum…

Read More

Announcing our Microsoft KB Archive Service

By Vadims Podāns | Jan 29, 2020

We have been working on an interesting skunkworks style project and are pleased to share our work with all of you. It all started when we started to notice Microsoft was archiving/deleting Support KB articles from its site – often even when the information was still pertinent. We started noticing a number of the items…

Read More

Reminder: LDAP signing requirements in March 2020

By Vadims Podāns | Jan 22, 2020

In August 2018, Microsoft issued a security advisory ADV190023 Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing about unsigned LDAP communication blocking in Active Directory starting with March 2020. A quick poll identified that not all customers are aware about upcoming changes or have prepared to them. What is LDAP Binding? LDAP binding…

Read More