The PKI Blog

How to Future-Proof IoT Security

By ThePKIGuy | Nov 5, 2019

“[A] connected device has the ability to cause more disruption, which could cause actual physical injury or even death,” warns Merritt Maxim, an analyst with Forester. We are surrounded by Internet of Things (IoT) in our everyday work and lives: temperature sensors, implantable insulin pumps, industrial water pumps, navigation systems, security cameras, commercial airliners. The…

Read More

Deleting certificates from Windows Certificate Store programmatically (PowerShell and C#)

By Vadims Podāns | Oct 2, 2019

Yesterday I went through one thread on Reddit: New to PS and want to create a script to clear all personal certificates from a local machine and something was suspicious to me. Then I went further and asked google for similar question and examined first page: Delete certificate from Computer Store Removing a certificate from…

Read More

PowerShell PKI Module v3.4.2 and upcoming plans

By Vadims Podāns | Aug 26, 2019

I’m glad to announce that a new version of PowerShell PKI (PSPKI) module is released. It is available for installation from PowerShell Gallery: https://www.powershellgallery.com/packages/PSPKI/ PSPKI was in stable development for last year and most changes are bug fixes and usability improvements. Release notes for v3.4.2: https://www.pkisolutions.com/tools/release-notes-for-pspki-v342/. However, it doesn’t mean that the module is done…

Read More

Basic Constraints certificate extension

By Vadims Podāns | Aug 12, 2019

Hello everyone! Today I’m going to talk about X.509 Basic Constraints certificate extension. Basic Constraints is an X.509 Version 3 certificate extension and is used to identify the type of the certificate holder/subject. In the past (prior to version 3 X.509 certificates) it was impossible to identify who is the subject: CA certificate or end…

Read More

SHAKEN/STIR is Getting Real

By ThePKIGuy | Aug 5, 2019

The Federal Communications Commission (FCC) estimates robocalls will constitute more than half of all phone calls placed in the U.S. this year. In an effort to end to this, the FCC and major telecommunications companies including Comcast, AT&T, and T-Mobile have lined up behind a new standard called SHAKEN/STIR (Signature-based Handling of Asserted Information using…

Read More

Database log files are not truncated when you perform a full Certification Authority database backup

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. April 1, 2020 – The issue described here is applicable to Windows Server 2016 and older. Windows Server 2019 has changed the behavior of log truncation – when a backup is performed, all unused logs…

Read More

You cannot download CA certificate from web enrollment pages

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. When you try to download CA certificate from web enrollment pages you get a prompt message with unreadable proposed file name: Do you want to save certnew_cer?ReqID=CACert&Renewal=1&Enc=bin (1,09 KB) from <ServerName> And when you press…

Read More

Web server certificate enrollment with SAN extension

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Many of windows administrators requires to setup SSL on their web servers and mostly they wish to use certificates with the Subject Alternative Name extension that allows to map a single certificate to a multiple…

Read More

The case of accidentally deleted user certificates

By Vadims Podāns | Aug 2, 2019

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. Sometimes users accidentally delete their certificates from personal store. After that users are not able to perform certificate-based tasks, i.e. decrypt files or mail, sign data and authenticate. Some organizations implement Key Archival for certificate and private…

Read More