The PKI Blog

Handling X509KeyStorageFlags in applications

By Vadims Podāns | Jun 21, 2021

Hello everyone! While participating on StackOverflow.com, I’m observing common in-app certificate handling misuses in .NET applications and I want to share some thoughts on this. Today I would like to speak about handling X509Certificate2 object creation inside the application code, common problems in handling private key material, potential issues and how to overcome them. Problem Description: The not-so-recent…


PKI Solutions – A Personal Journey and Trusted Business Solution

By Carolyn Ballo | May 10, 2021

Last summer while on lockdown along with the rest of the world, I was presented with an opportunity to work for PKI Solutions, a global leader in PKI consulting and professional services based in Portland, OR.  At the time, I was managing my sales and marketing business and considered taking on more work. There was…


Just Released – Licensing Options for Our PKI Tools

By ThePKIGuy | May 7, 2021

I am pleased to announce that based on overwhelming demand, starting today we are now providing licensed and supported versions of our most popular PKI tools – PowerShell PKI Module, ASN.1 Editor, and the SSL Certificate Verifier. Available in single-user or enterprise licenses and includes 12 months of support for the tool. The licensing model…


PowerShell File Checksum Integrity Verifier (PsFCIV)

By Vadims Podāns | Mar 29, 2021

Today I’m glad to announce the availability of PowerShell File Checksum Integrity Verifier (hereinafter PsFCIV) as a standalone package. Years ago a friend of mine asked me to develop a PowerShell script that would replace the now-discontinued Microsoft File Checksum Integrity Verifier (FCIV) tool, which is an essential utility for checking the integrity of large file shares. While…


Request extension processing in Active Directory Certification Authority

By Vadims Podāns | Feb 2, 2021

Hello S-1-1-0, Crypt32 is on air! Today I want to explain how ADCS Certification Authority processes extensions from incoming requests and certificate templates. Every X.509 V3 certificate contains certificate extensions to include extra information about the certificate owner, issuer, intended usages, and limitations/constraints. The CA utilizes multiple sources to generate the extension list to be included in the signed certificate,…


Name Constraints Extension

By Naheed Jivani | Jan 19, 2021

The Name Constraints extension indicates to the relying party what namespaces are acceptable for the various hierarchical name forms such as DN, DNS names, URL, IP address, RFC 822 names, UPN, etc.  The extension is only valid for a CA certificate.  There are two components for this as defined in https://tools.ietf.org/html/rfc5280#section-4.2.1.10 as: Permitted Subtree(s):  This…


Changes to the Online Assessment Portal Program

By ThePKIGuy | Jan 13, 2021

Since the launch of our Online Assessment Program in 2020, we have seen incredible interest in the ability to perform a thorough review and assessment of an organization’s PKI without the expense and effort of working with a consultant onsite. The self-paced, on-demand approach was an industry first for reviewing and assessing the configuration, health,…


RPKI – The most important Internet security component you never heard of.

By Peter DiToro | Dec 9, 2020

What do AWS, Radware, Nintendo, Google, and Facebook all have in common (other than being some of the smartest actors in internet commerce)? Over the past 18 months, they have all been impacted by outages traceable to the Border Gateway Protocol (BGP). The BGP was designed in 1994, literally on a napkin, to route data…


ADCS certificate serial number generation algorithms – a comprehensive guide

By Vadims Podāns | Nov 4, 2020

Hello S-1-1-0, @Crypt32 is again on a failboatboard with new blog post. Today I will share information about a little-known portion in configuration of Microsoft ADCS Certification Authority – serial number generation algorithm. This article assumes big-endian encoding. Certificate serial number requirements: Every X.509 conforming CA generates a unique serial number for each issued certificate,…
