The PKI Blog

Reminder: LDAP signing requirements in March 2020

By Vadims Podāns | Jan 22, 2020

In August 2018, Microsoft issued a security advisory ADV190023 Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing about unsigned LDAP communication blocking in Active Directory starting with March 2020. A quick poll identified that not all customers are aware about upcoming changes or have prepared to them. What is LDAP Binding?LDAP binding is…

Read More

Microsoft January Patches and CVE-2020-0601

By ThePKIGuy | Jan 14, 2020

After two days of forewarning, Microsoft released its January 2020 collection of updates for “Patch Tuesday.” It had been leaked that there was a critical flaw in the crypt32.dll library that could represent a serious security flaw for the entire world. The crypt32.dll library provides the foundation for cryptographic operations in Windows and is often…

Read More

How to create Certificate Trust List (CTL) using PowerShell

By Vadims Podāns | Jan 9, 2020

In this post, I will explain how to create custom certificate trust list (CTL) using PowerShell PKI (PSPKI) module. What is CTL? In short, CTL is a Microsoft open format of portable certificate container based on PKCS#7 format. Although, PKCS#7 already is a simple container for certificate, CTL provides several useful features: Name each list…

Read More

PowerShell PKI Module (PSPKI) v3.5 New Year Edition

By Vadims Podāns | Jan 8, 2020

Hello everyone, we are announcing a public availability of PowerShell PKI module v3.5 New Year Edition. New version is a big work around various aspects of PKCS#7 format and messages. Here is a summary of what we’ve done: Time-Stamp Protocol client As a part of improved support of PKCS#7 messages, we added a .NET-compatible RFC…

Read More

ASN.1 Editor v1.4 (Christmas Edition)

By Vadims Podāns | Dec 17, 2019

Hello world! I’m glad to announce a new version of ASN.1 Editor. I called this version as Christmas Edition, because it’s the end of the year. This version includes not only bug fixes, but some features. Changes in UI look When I shared screenshot of ASN tree view, not all people figured what numbers next…

Read More

Managing Risk from TLS Inspection

By ThePKIGuy | Nov 27, 2019

Recently, the National Security Agency (NSA) published a guide to Managing Risk from Transport Layer Security Inspection. The guide is designed to highlight the unique risks introduced into environments by the use of TLS inspection appliances. It also covers a few recommendations on how to secure these devices. There are some additional areas we recommend…

Read More

A comprehensive RFP/RFI guide to procuring PKI and digital certificate solutions

By ThePKIGuy | Nov 25, 2019

We recently announced that we are working with Remme to expand our portfolio of PKI offerings and services for enterprises – designed to meet the evolving demands of public key encryption and certificate management. Together we have created a comprehensive template for organizations to use when starting a Request for Proposal (RFP) to find a…

Read More

How to Future-Proof IoT Security

By ThePKIGuy | Nov 5, 2019

“[A] connected device has the ability to cause more disruption, which could cause actual physical injury or even death,” warns Merritt Maxim, an analyst with Forester. We are surrounded by Internet of Things (IoT) in our everyday work and lives: temperature sensors, implantable insulin pumps, industrial water pumps, navigation systems, security cameras, commercial airliners. The…

Read More

Deleting certificates from Windows Certificate Store programmatically (PowerShell and C#)

By Vadims Podāns | Oct 2, 2019

Yesterday I went through one thread on Reddit: New to PS and want to create a script to clear all personal certificates from a local machine and something was suspicious to me. Then I went further and asked google for similar question and examined first page: Delete certificate from Computer Store Removing a certificate from…

Read More