As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Issue Consider the following scenario: you are dumping CA database by using certutil, PowerShell or any other tool that utilizes ICertView2 interface and at some point you receive the following error Certutil: CertUtil: -view command FAILED: 0x80070006 (WIN32: 6) CertUtil:…
Read More
When the next iOS and macOS major update arrives this fall to iPhones, iPads and Macs there will be changes that impact environments with TLS certificates not current with standards. Certificates with key lengths shorter than 2048, those signed with a SHA1 algorithm, and certificates without the DNS name in the subject alternative name (SAN)…
Read More
Today, the Federal Communications Commission (FCC) held the SHAKEN/STIR Robocall Summit, led by Chairman Ajit Pai. The focus for the summit was to discuss the current state of efforts to stop robocalls and Caller ID spoofing and discuss the U.S. implementation of a new global standard called SHAKEN/STIR. Defined by the Alliance for Telecommunications Industry…
Read More
Why Public Key Infrastructure (PKI)? A PKI is the core of IT for enterprises, supporting network authentication, data encryption, code signing and secure email. In addition, in the next two years, 42 percent of Internet of Things (IoT) devices such as temperature sensors, televisions, and smart vehicles will rely primarily on digital certificates for identification…
Read More
Recently one of our colleagues at nCipher in England related to us an issue reported by one of its customers using the certutil -verify -urlfetch command against an issued end-entity certificate on Windows Server 2016 (Build 1607). Running the command with no extra options, the command indicates a failure in the output (see figure below).…
Read More
Over the course of Public Key Infrastructure (PKI) design, implementation, and management, you will encounter many terms and acronyms that are defined in this document. The biggest part of the PKI implementation process is meeting with the stakeholders to ask and answer questions about where things are, how they work, what they struggle with today,…
Read More
We thought we would have a little fun at RSA this year, with a bit of sleuthing and a cool giveaway courtesy of The PKI Guy! Maybe you need a deep-dive into Public Key Infrastructure (PKI) and Active Directory Certificate Services (ADCS) to take your PKI skills to the next level? PKI Solutions will soon…
Read More
A common question asked in our classes when we cover object identifiers (OIDs) is if there is a list of all the OIDs in a PKI environment. An object identifier is a string of decimal numbers that uniquely identifies an object. Since it isn’t a quick answer, I created this post to go a little…
Read More
Forty-three percent of businesses were a victim of a cybersecurity breach in the past year, based on the recent Cyber Security Breaches Survey 2018. Organizations are continuing to do a less than stellar job protecting their users’ data from inadvertent exposure, such as exposed APIs, poor authentication, etc. In fact, 4.5 billion data records were…
Read More