PowerShell PKI (PSPKI) Module

From Scripting to Real-Time Monitoring

The PSPKI module enabled PowerShell-based administration and scripting for Microsoft ADCS environments. It provided programmatic access to:

• Certificate templates

• Certification authority configuration

• Certificate revocation lists (CRLs)

• Published certificates and CA database contents

• Permissions and ACLs

• CDP and AIA distribution point validation

• Enrollment services and policy configuration

These capabilities offered critical visibility and control but relied heavily on manual scripting and deep platform knowledge. In today’s evolving PKI environments, that’s no longer enough.

A Modern Approach: PKI Spotlight

PKI Spotlight is the modern evolution of visibility and control for PKI administrators. Instead of relying on one-off scripts or scheduled checks, PKI Spotlight delivers:

• Real-time visibility into CA configurations, permissions, templates, and cryptographic usage

• Automated validation of CDP, AIA, and OCSP distribution points

• Alerting on CRL expiration, failures, and publishing issues

• Security posture checks for configuration drift, deprecated algorithms (e.g., SHA-1), and policy violations

• Operational health monitoring across Microsoft ADCS, HashiCorp Vault, and multi-vendor HSMs

• Topology and role mapping to visualize how your PKI infrastructure is structured and functioning

Many of the insights once provided by PSPKI scripts are now delivered continuously—and with greater context—by PKI Spotlight.

Why It Matters

Organizations today face increased regulatory scrutiny, staffing shortages, and growing security risks. The manual, script-driven approach no longer scales to meet these demands. PKI Spotlight addresses certificate lifecycle visibility, configuration awareness, and risk detection but replaces fragile scripting with robust, centralized observability.

Looking Ahead

We’re proud of PSPKI’s role in shaping the PKI administrator toolkit, but modern challenges require modern solutions.