Skip to content

The PKI Blog

Managing Risk from TLS Inspection

By ThePKIGuy | Nov 27, 2019

Recently, the National Security Agency (NSA) published a guide to Managing Risk from Transport Layer Security Inspection. The guide is designed to highlight the unique risks introduced into environments by the use of TLS inspection appliances. It also covers a few recommendations on how to secure these devices. There are some additional areas we recommend…

Read More

A comprehensive RFP/RFI guide to procuring PKI and digital certificate solutions

By ThePKIGuy | Nov 25, 2019

We recently announced that we are working with Remme to expand our portfolio of PKI offerings and services for enterprises – designed to meet the evolving demands of public key encryption and certificate management. Together we have created a comprehensive template for organizations to use when starting a Request for Proposal (RFP) to find a…

Read More

How to Future-Proof IoT Security

By ThePKIGuy | Nov 5, 2019

“[A] connected device has the ability to cause more disruption, which could cause actual physical injury or even death,” warns Merritt Maxim, an analyst with Forester. We are surrounded by Internet of Things (IoT) in our everyday work and lives: temperature sensors, implantable insulin pumps, industrial water pumps, navigation systems, security cameras, commercial airliners. The…

Read More

Deleting certificates from Windows Certificate Store programmatically (PowerShell and C#)

By Vadims Podāns | Oct 2, 2019

Yesterday I went through one thread on Reddit: New to PS and want to create a script to clear all personal certificates from a local machine and something was suspicious to me. Then I went further and asked google for similar question and examined first page: Delete certificate from Computer Store Removing a certificate from…

Read More

PowerShell PKI Module v3.4.2 and upcoming plans

By Vadims Podāns | Aug 26, 2019

I’m glad to announce that a new version of PowerShell PKI (PSPKI) module is released. It is available for installation from PowerShell Gallery: https://www.powershellgallery.com/packages/PSPKI/ PSPKI was in stable development for last year and most changes are bug fixes and usability improvements. Release notes for v3.4.2: https://www.pkisolutions.com/tools/release-notes-for-pspki-v342/. However, it doesn’t mean that the module is done…

Read More

Basic Constraints certificate extension

By Vadims Podāns | Aug 12, 2019

Hello everyone! Today I’m going to talk about X.509 Basic Constraints certificate extension. Basic Constraints is an X.509 Version 3 certificate extension and is used to identify the type of the certificate holder/subject. In the past (prior to version 3 X.509 certificates) it was impossible to identify who is the subject: CA certificate or end…

Read More

SHAKEN/STIR is Getting Real

By ThePKIGuy | Aug 5, 2019

The Federal Communications Commission (FCC) estimates robocalls will constitute more than half of all phone calls placed in the U.S. this year. In an effort to end to this, the FCC and major telecommunications companies including Comcast, AT&T, and T-Mobile have lined up behind a new standard called SHAKEN/STIR (Signature-based Handling of Asserted Information using…

Read More

Database log files are not truncated when you perform a full Certification Authority database backup

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. You have Windows Server 2008 R2 with installed Active Directory Certification Authority role. When you perform a full database backup by using either certutil.exe utility, or Certification Authority, the database log files are not truncated,…

Read More

You cannot download CA certificate from web enrollment pages

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. When you try to download CA certificate from web enrollment pages you get a prompt message with unreadable proposed file name: Do you want to save certnew_cer?ReqID=CACert&Renewal=1&Enc=bin (1,09 KB) from <ServerName> And when you press…

Read More
Scroll To Top