Configuration, Availability, and Recoverability of All of Your PKI and HSM Environments By Mark B. Cooper OK, I’ll admit it. When it comes to talking about PKI environments, operational resilience is one of my favorite topics. Operational resilience is important because it defines how your organization’s identity and data encryption systems remain secure…
Read More
By Mark B. Cooper & Nick Sirikulbut Today, we’re excited and proud to announce the launch of PKI Spotlight, the industry’s first and only real-time PKI monitoring and alerting solution. This revolutionary product provides important information about the availability, configuration, and security of all of your organization’s PKI environments – all consolidated into one easy-to-use…
Read More
Editor’s Note: This is the second blog post in a series of posts from us that will focus on our PKI Revelations. How did Project Moonshot get started? Here’s the back story. The PKI Solutions team has been working side-by-side with you in the Public Key Infrastructure trenches for many years and we’ve…
Read More
Editor’s Note: This is the first blog post in a series of posts from us that will focus on our PKI Revelations. Trigger Alert: These blog posts may be real, raw, and controversial (but no PKIs were harmed in the writing of these posts). We hope you join us for the fun and read along!…
Read More
Happy New Year! New Year, New Way to PKI As we kick off the New Year, Mark B. Cooper, President & Founder of PKI Solutions, shares his thoughts about the past year and provides a look forward at the year ahead. 2021 was a transformative year for PKI Solutions as we continued to evolve our…
Read More
Hello S-1-1-0, here is another unscheduled blog post on enabling advanced audit in Microsoft CA. Today I went through another thread on Twitter which suggests how to enable advanced audit in Microsoft CA. Throughout the thread it was apparent that only partial solution was provided. Windows CA auditing engines Microsoft CA implements a set of…
Read More
Today I went through a thread on Twitter with claims that there is no supported way to revoke a rogue certificate with known serial number in Microsoft CA. TL;DR skip to next section The long story short: the thread originally was focused on an OCSP deterministic response support. The idea behind this is that by…
Read More
This morning we provided details to our existing support and co-management customers on a recent notice of vulnerability to certain Microsoft ADCS configurations. The exploit involves NTLM and leveraging some ADCS PKI components. Full details can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV210003. Summary In environments with NTLM authentication still enabled in Active Directory and when using ADCS…
Read More
Hello again! Welcome to my second blog. Going to shift gears a bit from my personal PKI journey to discuss cyber-attacks. With the recent SolarWinds and Colonial Pipeline incidents, cyber-attacks have been dominating the news. These are just two of the latest in a string of attacks that are becoming all too frequent. These assaults…
Read More
[…] Solutions for their excellent posts on PKI in Active Directory, as well as their PSPKI PowerShell module, which our auditing toolkit is based […]