Clik here to view.
The missing EDIT button in the CA properties extensions tab
To adjust the CRL and AIA distribution point there are at least three choices to do it. The most familiar way to change the distribution point might be through the CA MMC user interface. The second way...
View ArticleClik here to view.
How to re-install the default certificate templates?
When you launch the certificate templates MMC snap-in (certtmpl.msc) for the first time, the certificate templates are installed automatically in the background. Installing the templates is...
View ArticleClik here to view.
How to refresh the CRL cache on Windows Vista
By default, Windows is caching Certificate Revocation Lists (CRL) and CA certificates to quickly verify certificate chains. The downside of this behavior is that a newer CRL is not picked up by the...
View ArticleClik here to view.
How EffectiveDate (thisupdate), NextUpdate and NextCRLPublish are calculated
The validity time of a certificate revocation list (CRL) is critical for every public key infrastructure. By default, most applications verify the validity of certificates against a CRL.Two CRL types...
View ArticleClik here to view.
You cannot add V2 or V3 templates after an inplace upgrade was performed on a...
Technically, it is possible to install an enterprise CA on a Windows Server Standard edition. With this configuration, enterprise features of the certification authority are intentionally not...
View ArticleClik here to view.
Suppressing certificate attributes in a CA certificate request
When a PKCS#10 request for a CA certificate is generated, a pre-defined set of certificate attributes is included. This blog entry explains how to eliminate attributes that would go into the CA...
View ArticleClik here to view.
How to decommission a Windows enterprise certification authority and how to...
Today I want to comment on the quite popular Microsoft Knowledgebase article How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server...
View ArticleClik here to view.
Certificate Services setup failed with the following error: Element not...
Until Windows Server 2008 shipped, every Domain Controller had a readable and writable copy of the Active Directory schema, domain naming context and configuration naming context. This statement...
View ArticleClik here to view.
Certificate distribution and the Microsoft Terminal Services Client
A few days ago I worked in a test environment that also consists of a PKI. I used the Microsoft Terminal Services Client (mstsc.msc) for a while to connect to various machines in the test environment....
View ArticleClik here to view.
How to configure the Windows Server 2008 CA Web Enrollment Proxy
A co-worker posted an interesting blog about configuring the Windows Server 2008 CA Web Enrollment proxy at...
View ArticleClik here to view.
Automated CA installs using VB script on Windows Server 2008 and 2008R2...
Starting with Windows Server 2008 the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the setup and...
View ArticleClik here to view.
Decommissioning an Old Certification Authority without affecting Previously...
Jonathan Stephens posted an excellent Blog about this topic; however, it didn’t include the steps. As a result, I decided to type this Blog detailing the steps required. The following assumptions have...
View Article[CrossPost] Microsoft PKI OCSP Responder Now JITC Certified and Lab Setup Guide
For those that missed the big news on the Ask Premier Field Engineering (PFE) Platforms blog, our OCSP responder is now JITC certified. This certification is important for customers looking to deploy...
View ArticleA novel method in IE11 for dealing with fraudulent digital certificates
Digital certificates are a key mechanism for establishing identity on the Internet. Trust in these certificates is a result of trusting the issuing entity – the Certification Authority (CA)....
View ArticleClik here to view.
Constraints: what they are and how they’re used
Hey everyone this is Wes Hammond from Premier Field Engineering and I wanted to share with you some info that I have gathered about setting up constraints. What are Constraints? Constraints are used to...
View ArticleClik here to view.
Windows Server 2012 R2/IIS8.5 – Automatic Rebind of Renewed Certificates
Hello All, This is Wes Hammond with Premier Field Engineering back with follow up to a previous blog about automatic renewal of web site certificates. The original blog can be found in the references...
View ArticleClik here to view.
Setting up TPM protected certificates using a Microsoft Certificate Authority...
Hey Everyone, This is Wes Hammond with Premier Field Engineering back to share what I have learned about protecting digital certificates using the Trusted Platform module in Windows desktops, laptops...
View ArticleClik here to view.
Setting up TPM protected certificates using a Microsoft Certificate Authority...
Hey Everyone, I am back with part 2 of this 3 part series on TPM protected certificates. The topics covered in this are related to Virtual Smart Cards, their benefits, and lastly their limitations. I...
View ArticleClik here to view.
Setting up TPM protected certificates using a Microsoft Certificate Authority...
Hey Everyone, I am back with the last part of this 3 of this series on TPM protected certificates. The last topic for this series is on Key Attestation. Recently I have had a few people ask me about...
View ArticleClik here to view.
Setting up NDES using a Group Managed Service Account (gMSA)
Setting up NDES using a Group Managed Service Account (gMSA) Hallo everybody, this is Andy and Dagmar from Austrian Premier Field Engineering (PFE) describing how to implement NDES using a gMSA...
View Article
