In a previous blog on Object Identifiers (OID) in PKI, I mentioned creating a certificate template for Remote Desktop Connection (RDP). In this blog, I will show how to create the template, why the OID and extensions are important, and how to implement it and remove self-signed certificate warnings from RDP connections. Important Note Prior…
Read More
This blog post is about programming and its purpose is to have a link to direct developers for explanation. Inspired from this list: Casting private key to RSACryptoServiceProvider not working Best way to initiate RSACryptoServiceProvider from x509Certificate2? Unable to cast object of type ‘RSACng’ to type ‘System.Security.Cryptography.RSACryptoServiceProvider’ RSACryptoServiceProvider not working in .net core Getting RSA…
Read More
Hello everyone! Today I want to provide some cool news from our Microsoft KB Archive service. UX changes After service launch, we received various feedback from users and I addressed most requested ones. Search bar everywhere Initially, there was only dedicated page with search box to search for articles. Now, search box is placed on…
Read More
Gearing up for RSAC 2020 It’s almost time to embark on a crypto adventure to San Francisco, to the world’s leading information security conference and join the thousands of other security experts at RSA Conference, taking place February 24-28, 2020. Mark Cooper, aka The PKI Guy, will be there in full force, talking about quantum…
Read More
We have been working on an interesting skunkworks style project and are pleased to share our work with all of you. It all started when we started to notice Microsoft was archiving/deleting Support KB articles from its site – often even when the information was still pertinent. We started noticing a number of the items…
Read More
In August 2018, Microsoft issued a security advisory ADV190023 Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing about unsigned LDAP communication blocking in Active Directory starting with March 2020. A quick poll identified that not all customers are aware about upcoming changes or have prepared to them. What is LDAP Binding? LDAP binding…
Read More
After two days of forewarning, Microsoft released its January 2020 collection of updates for “Patch Tuesday.” It had been leaked that there was a critical flaw in the crypt32.dll library that could represent a serious security flaw for the entire world. The crypt32.dll library provides the foundation for cryptographic operations in Windows and is often…
Read More
In this post, I will explain how to create custom certificate trust list (CTL) using PowerShell PKI (PSPKI) module. What is CTL? In short, CTL is a Microsoft open format of portable certificate container based on PKCS#7 format. Although, PKCS#7 already is a simple container for certificate, CTL provides several useful features: Name each list…
Read More
Hello everyone, we are announcing a public availability of PowerShell PKI module v3.5 New Year Edition. New version is a big work around various aspects of PKCS#7 format and messages. Here is a summary of what we’ve done: Time-Stamp Protocol client As a part of improved support of PKCS#7 messages, we added a .NET-compatible RFC…
Read More