The PKI Blog

Enabling Active Directory Certificate Services (ADCS) advanced audit

By Vadims Podāns | Aug 12, 2021
Vadims Podans PKI Developer

Hello S-1-1-0, here is another unscheduled blog post on enabling advanced audit in Microsoft CA. Today I went through another thread on Twitter which suggests how to enable advanced audit in Microsoft CA. Throughout the thread it was apparent that only partial solution was provided. Windows CA auditing engines Microsoft CA implements a set of…

Read More

Crafting a dummy certificate with specific serial number in Microsoft ADCS

By Vadims Podāns | Aug 9, 2021
Vadims Podans PKI Developer

Today I went through a thread on Twitter with claims that there is no supported way to revoke a rogue certificate with known serial number in Microsoft CA. TL;DR skip to next section The long story short: the thread originally was focused on an OCSP deterministic response support. The idea behind this is that by…

Read More

Microsoft Security Advisory for ADCS exploit – ADV210003

By ThePKIGuy | Jul 26, 2021
PKI Solutions Logo

This morning we provided details to our existing support and co-management customers on a recent notice of vulnerability to certain Microsoft ADCS configurations. The exploit involves NTLM and leveraging some ADCS PKI components. Full details can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV210003. Summary In environments with NTLM authentication still enabled in Active Directory and when using ADCS…

Read More

Cyber Attacks, Code Signing, and the Digital Supply Chain

By Carolyn Ballo | Jul 26, 2021

Hello again! Welcome to my second blog.  Going to shift gears a bit from my personal PKI journey to discuss cyber-attacks. With the recent SolarWinds and Colonial Pipeline incidents, cyber-attacks have been dominating the news.  These are just two of the latest in a string of attacks that are becoming all too frequent.  These assaults…

Read More

Targeting the Extended Supply Chain – a Brief Review of Stuxnet

By Peter DiToro | Jul 8, 2021
Peter DiToro Strategic Advisor For PKI Solutions

In November, 2010 Iranian president Mahmoud Ahmadinejad announced that a “cyber weapon” had been deployed against the Natanz nuclear laboratory. Indeed, some infosec pundits subsequently referred to the attack, called “Stuxnet”, as the first true cyber weapon to be used in anger. While that may be debatable, what is not in question is the design,…

Read More

Register TLS certificate with Remote Desktop Service using PowerShell

By Vadims Podāns | Jul 6, 2021
Vadims Podans PKI Developer

Hello everyone! This is a quick blog post that provides information on how to register TLS certificate with Remote Desktop Services (RDS). Starting with Windows Server 2008 R2 it became extremely easy to deploy RDS certificates to AD hosts from private CA using group policies and Microsoft CA. Since then RDS over TLS should be…

Read More

Handling X509KeyStorageFlags in applications

By Vadims Podāns | Jun 21, 2021
Vadims Podans PKI Developer

Hello everyone! While participating on StackOverflow.com, I’m observing common in-app certificate handling misuses in .NET applications and I want to share some thoughts on this. Today I would like to speak about handling X509Certificate2 object creation inside the application code, common problems in handling private key material, potential issues and how to overcome them. Problem…

Read More

PKI Solutions – A Personal Journey and Trusted Business Solution

By Carolyn Ballo | May 10, 2021

Last summer while on lockdown along with the rest of the world, I was presented with an opportunity to work for PKI Solutions, a global leader in PKI consulting and professional services based in Portland, OR.  At the time, I was managing my sales and marketing business and considered taking on more work. There was…

Read More

Just Released – Licensing Options for Our PKI Tools

By ThePKIGuy | May 7, 2021
Mark Cooper President & Founder PKI Solutions

I am pleased to announce that based on overwhelming demand, starting today we are now providing licensed and supported versions of our most popular PKI tools – PowerShell PKI Module, ASN.1 Editor, and the SSL Certificate Verifier. Available in single user or enterprise licenses and includes 12-months of support for the tool. The licensing model…

Read More