The PKI Blog

The Hidden Cost of a Single Click

By ThePKIGuy | Nov 23, 2022

I type how I talk, and I tell stories in the voice of the time. It was a different time in corporate IT and a different attitude with the Microsoft stack ranking system. In 2007 I interviewed for the ACE Team at Microsoft and one of my interviewers was Roger Grimes. He asked me “How…

Read More

Programmatically Determining Access Rights on Certificate Private Keys

By Michael Bruno | Nov 16, 2022
Programmatically Determining Access Rights on Certificate Private Keys

There are times when the private key associated with a certificate needs to be accessible by multiple identities, not just the identity which owns the key material. An example is the deployment of the Microsoft Network Device Enrollment Services (NDES) role service on a server which needs to connect to a remotely hosted CA. In…

Read More

Field Report – Mitigating PKI Template Risks for Ephemeral Workloads and Desktop

By ThePKIGuy | Oct 31, 2022

Recently we were working with one of our large customers to address some challenges that aren’t new in PKI, but that we were able to handle with an entirely new set of tools to Mitigate PKI Risks. This customer is not only a consulting services customer leveraging our expertise to move off of a managed…

Read More

The mystery of “Valid existing certificate” setting in ADCS certificate templates – demystified

By Vadims Podāns | Oct 19, 2022

This is a follow-up of “Certificate renewal request is placed in pending state when Valid Existing Certificate is selected in certificate template” blog post and final nail into the subject. Let’s re-iterate the problem. ADCS Certificate Templates provide configuration for issuance requirements, which allows you to forcibly put request in pending state (no automatic issuance)…

Read More

Field Report – Stop REACTING to Expired CRLs

By ThePKIGuy | Oct 17, 2022

In this article, I continue to dig into how we are changing the world of PKI administration with PKI Spotlight. One of the most common issues organizations face around the world is due to expired Certificate Revocation Lists (CRLs). If you’re not already familiar, Certificate Authorities (CA) are not involved in the moment-to-moment verification of…

Read More

Windows 2012 R2 EOS, ADCS/PKI and You. Are You Ready or Risking?

By Josh Sommer | Oct 11, 2022
Windows 2012 R2 EOS End of Support Migration Update and Upgrade Services

Is your ADCS/PKI running on Windows 2012 R2? The Following article focuses on the End of Support for Windows 2012 R2 and some concerns you may have, along with a link to a solution for you. Microsoft is ending its support of Windows Server 2012 R2 on October 10, 2023. This will officially spell the…

Read More

ADCS Open Protocols specifications

By Vadims Podāns | Oct 11, 2022

Hello S-1-1-0, Today I want to talk about another area in ADCS I’m contributing to — Open Protocols specifications. Around 15 years ago, Microsoft moved toward to open source and started a new documentation branch called “Open Specifications”, where Microsoft publishes a very detailed Windows protocols specifications so third party can build compatible clients and…

Read More

Field Report – PKI Spotlight Rocked My World Again

By ThePKIGuy | Oct 4, 2022

This is another blog in the series about how PKI Spotlight is changing how customers realize improved operational efficiency, enhanced security, and better visibility of their PKI and HSM key management environments, and how it’s changing our world as PKI practitioners. All the names and specifics are redacted to protect the confidentiality of all involved…

Read More

PKI Solutions Adds CTO Shawn Rabourn

By Josh Sommer | Sep 26, 2022

PKI Solutions Announces Addition of CTO   The CTO role will enable PKI Solutions to not only expand its consulting capabilities and continue to mature PKI Spotlight    PORTLAND, Ore., Sept. 14, 2022 – PKI Solutions, a leading cybersecurity firm providing Public Key Infrastructure (PKI) products, services, and training, today announced that Shawn Rabourn has been…

Read More

1 Comment

  1. […] Solutions for their excellent posts on PKI in Active Directory, as well as their PSPKI PowerShell module, which our auditing toolkit is based […]