Skip to content

The PKI Blog

Web server certificate enrollment with SAN extension

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Many of windows administrators requires to setup SSL on their web servers and mostly they wish to use certificates with the Subject Alternative Name extension that allows to map a single certificate to a multiple…

Read More

The case of accidentally deleted user certificates

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Sometimes users accidentally delete their certificates from personal store. After that users are not able to perform certificate-based tasks, i.e. decrypt files or mail, sign data and authenticate. Some organizations implement Key Archival for certificate and private…

Read More

Understanding Active Directory Certificate Services containers in Active Directory

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Hello folks! Today I want to explain in details about Active Directory containers related to ADCS (Active Directory Certificate Services), their purposes and how they work. Intro All ADCS related containers are stored in configuration…

Read More

You cannot submit a certificate request generated by Exchange Management Console (EMC) or Exchange Management Shell (EMS) to CA

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. You create certificate certificate by using either Exchange Management Console (EMC) or Exchange Management Shell (EMS) and save it to a file. When you attempt to submit certificate request to a Windows-based Certification Authority (CA)…

Read More

‘The handle is invalid. 0x80070006 (WIN32: 6)’ when dumping CA database

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Issue Consider the following scenario: you are dumping CA database by using certutil, PowerShell or any other tool that utilizes ICertView2 interface and at some point you receive the following error Certutil: CertUtil: -view command FAILED: 0x80070006 (WIN32: 6) CertUtil:…

Read More

Certificate Requirements for Apple iOS 13 & macOS 10.15

By Jake Grandlienard | Jul 25, 2019

When the next iOS and macOS major update arrives this fall to iPhones, iPads and Macs there will be changes that impact environments with TLS certificates not current with standards. Certificates with key lengths shorter than 2048, those signed with a SHA1 algorithm, and certificates without the DNS name in the subject alternative name (SAN)…

Read More

Putting an End to Robocalls: FCC’s Robocall Summit Discusses Next Steps

By ThePKIGuy | Jul 11, 2019

Today, the Federal Communications Commission (FCC) held the SHAKEN/STIR Robocall Summit, led by Chairman Ajit Pai. The focus for the summit was to discuss the current state of efforts to stop robocalls and Caller ID spoofing and discuss the U.S. implementation of a new global standard called SHAKEN/STIR. Defined by the Alliance for Telecommunications Industry…

Read More

New Online PKI Training Courses Are a Deep Dive into Public Key Infrastructure: Critical for IT Security, IoT, 5G, and SHAKEN/STIR

By ThePKIGuy | May 2, 2019

Why Public Key Infrastructure (PKI)? A PKI is the core of IT for enterprises, supporting network authentication, data encryption, code signing and secure email. In addition, in the next two years, 42 percent of Internet of Things (IoT) devices such as temperature sensors, televisions, and smart vehicles will rely primarily on digital certificates for identification…

Read More

Certutil Bug in Windows Server 2016 Fails to Enumerate Issuance, Application Policies and OIDs

By ThePKIGuy | Apr 2, 2019

Recently one of our colleagues at nCipher in England related to us an issue reported by one of its customers using the certutil -verify -urlfetch command against an issued end-entity certificate on Windows Server 2016 (Build 1607). Running the command with no extra options, the command indicates a failure in the output (see figure below).…

Read More
Scroll To Top