Windows PKI blog
News and information for public key infrastructure (PKI) and Active Directory Certificate Services (AD CS) professionals
CA manager approval required for certificate re-enrollment
Hi there, this is Larry, Developer from US, and Fabian, PFE from Germany, writing about an uncommon...
Author: Fabian Müller [MSFT] Date: 03/08/2011
Quick Check on ADCS Health Using Enterprise PKI Tool (PKIVIEW)
PKIVIEW was first introduced in Windows Server 2003 Resource kit. The tool is installed by default...
Author: Amerk [MSFT] Date: 02/28/2011
Verifying The SSL Certificate Expiration with a tool
An active member of our community developed a very handy tool to verify - or let's actually say...
Author: MS2065 [MSFT] Date: 02/21/2011
Common Questions about SHA2 and Windows
Since my last post about SHA2 and Windows I’ve received numerous questions from customers and...
Author: Adam Stasiniewicz Date: 02/08/2011
SHA2 and Windows
UPDATE (2/8): Based on some recent questions, additional information has been posted about SHA2 and...
Author: MS2065 [MSFT] Date: 09/30/2010
Active Directory Certificate Services Monitoring Management Pack
A new version of the Certificate Services Monitoring Management Pack became available. Get more...
Author: MS2065 [MSFT] Date: 08/16/2010
Microsoft Certificate Server virtualization policy
If you are unsure regarding the Microsoft Certificate server virtualization policy, just see the...
Author: MS2065 [MSFT] Date: 08/09/2010
Backing up Windows Server 2008 ADCS CA Keys
[EDIT 2/20/2012] This problem has recently been resovled in a hotfix update. System state backup...
Author: markbcooper Date: 08/06/2010
Firewall Rules for Active Directory Certificate Services
Below is a list of ports that need to be opened on Active Directory Certificate Services servers to...
Author: oshekel Date: 06/25/2010
Design Considerations before Building a Two Tier PKI Infrastructure
Environmental Dependencies: 1- Determine if the Active Directory Forest has Windows 2000 Domain...
Author: Amerk [MSFT] Date: 06/19/2010
Certificate Path Validation in Bridge CA and Cross-Certification Environments
Recently, we’ve had a deluge of questions regarding chain building and selection, especially in the...
Author: siadukia Date: 05/12/2010
Powershell CRL Copy
This script writes a Certification Authority's Certificate Revocation List to HTTP based CRL...
Author: MS2065 [MSFT] Date: 05/12/2010
How to Request a Certificate With a Custom Subject Alternative Name
Today many servers require some sort of SSL certificate to be deployed and in many cases custom...
Author: Alex Radutskiy [MSFT] Date: 04/22/2010
Disaster Recovery Procedures for Active Directory Certificate Services (ADCS)
Introduction: When designing a public key infrastructure (PKI) for your organization, you must...
Author: Amerk [MSFT] Date: 04/20/2010
Windows Server 2008 R2 AD CS Migration Guide
The official version of the new 2008 R2 ADCS Migration Guide is now available at...
Author: ltalbot Date: 03/19/2010
What CA types are supported for clustering?
There are two types of certification authorities: Standalone and Enterprise. Only Enterprise...
Author: MS2065 [MSFT] Date: 03/08/2010
Whitepaper “HSPD-12 Logical Access Authentication and Active Directory Domains”
This document explains the interdependencies between Active Directory Domain Services (AD DS) and...
Author: MS2065 [MSFT] Date: 02/10/2010
Windows CA Performance Numbers
Below are some numbers we have measured when testing the Windows CA in our lab environment. Note...
Author: oshekel Date: 01/11/2010
Clustered Certification Authority maintenance tasks
The colleagues from the AskDS blog posted a quite valuable article about Clustered CA maintenance...
Author: MS2065 [MSFT] Date: 01/10/2010
Server 2008 R2 ADCS Migration Guide Beta
The beta version of the new 2008 R2 ADCS Migration Guide is now available at...
Author: ltalbot Date: 12/21/2009
AD Schema Requirements for Windows PKI features
There have been a number of questions about Active Directory (AD) schema requirements for the...
Author: Alex Radutskiy [MSFT] Date: 12/04/2009
How Certificates Are Created
The following text is a simple copy/paste from the TechNet article How Certificates Work (section...
Author: MS2065 [MSFT] Date: 11/09/2009
Certificate Revocation Checking Whitepaper
A whitepaper on Certificate Revocation Checking in Windows Vista and Windows Server 2008 has been...
Author: Yogesh Mehta Date: 11/07/2009
Certificate Validation on Windows XP with Entrust SSP Issued HSPD-12 Certificates
On May 9th, 2009 Entrust Managed Services (provider of HSPD-12 certificates) performed a key update...
Author: oshekel Date: 10/22/2009
BranchCache Deployment Guide for Windows Server 2008 R2 and Windows 7
A new deployment guide was published on Windows7 BranchCache. It covers the PKI requirements for...
Author: oshekel Date: 10/06/2009
Introducing Certificate Template API
WARNING: USE OF THE SAMPLE CODE PROVIDED IN THIS ARTICLE IS AT YOUR OWN RISK. Microsoft provides...
Author: Alex Radutskiy [MSFT] Date: 09/25/2009
Using VBScript to install CA on WS2008R2 server core
In my previous post I provided a script used for setup and installation of a CA using VBScript. The...
Author: shawncor Date: 09/18/2009
Automated CA installs using VB script on Windows Server 2008 and 2008R2 [UPDATED]
Starting with Windows Server 2008 the CA product team introduced a set of COM objects that can be...
Author: shawncor Date: 09/18/2009
Official Microsoft Team Blogs / Microsoft Blogs
If you are interested in reading more official Microsoft Team blogs, see...
Author: MS2065 [MSFT] Date: 09/15/2009
Certificate Enrollment Web Services Whitepaper
The Windows Server 2008 R2 Certificate Enrollment Web Services Whitepaper has been posted to the...
Author: JField Date: 09/14/2009
How to get request statistics by template in PowerShell
I’ve been working with our support folks helping one of our customers. One of the things we wanted...
Author: Alex Radutskiy [MSFT] Date: 09/09/2009
Active Directory Certificate Services Features by SKU
We’ve had many requests for what services and features are available in what Windows Server...
Author: JField Date: 09/02/2009
Vishal’s nuggets
Subscribe to Vishal’s blog at https://blogs.technet.com/vishalagarwal/ for real good certificate and...
Author: MS2065 [MSFT] Date: 08/28/2009
Cross-forest certificate enrollment white paper update
We’ve just updated the Beta version of the cross-forest certificate enrollment white paper. In...
Author: Alex Radutskiy [MSFT] Date: 08/24/2009
Creating self-signed certificates with a script
Here is a great post by one of my colleagues on how to create a self-signed certificate using...
Author: Alex Radutskiy [MSFT] Date: 08/23/2009
Populate Subject Name for Offline Templates on Renew
Offline templates are certificate templates that require the subject name to be part of the...
Author: andrew.bernat Date: 08/21/2009
Updated Network Device Enrollment Service (aka SCEP) white paper
I have just updated this paper. Here is the latest draft:...
Author: Alex Radutskiy [MSFT] Date: 08/17/2009
Extended Validation support for websites using internal certificates
The Active Directory team has published a new blog post how to configure Extended Validation support...
Author: MS2065 [MSFT] Date: 08/14/2009
CA Performace testing
One of our collegues posted an interesting blog entry on CA scalability testing:...
Author: Alex Radutskiy [MSFT] Date: 08/12/2009
AD CS Installation is Crashing on x64 Platform
The following problem affects a Certification authority running on the 64-bit edition of Windows...
Author: dedsMilan Date: 08/09/2009
Understanding Key Archival
It came to my attention that there is little understanding regarding the relationship between...
Author: MS2065 [MSFT] Date: 08/07/2009
How to create a web server SSL certificate manually
The Internet Information Server (IIS) and Microsoft Internet Security and Acceleration (ISA) provide...
Author: MS2065 [MSFT] Date: 08/05/2009
Morello on PKI
I came across two valuable blog posts from my co-worker Morello. The articles have been posted to...
Author: MS2065 [MSFT] Date: 07/26/2009
What is a strong key protection in Windows?
Strong key protection is one of the most misunderstood features in Windows security. In this post I...
Author: Alex Radutskiy [MSFT] Date: 06/16/2009
PKI Enhancements in Windows 7 and Windows Server 2008 R2
The TechNet Magazine released a new article about the PKI Enhancements in Windows 7 and Windows...
Author: MS2065 [MSFT] Date: 06/11/2009
CA performance
Back in the year 2003 we have published information about the CA performance and how it is impacted...
Author: MS2065 [MSFT] Date: 05/14/2009
PKI at TechEd 2009 in LA
Attending TechEd 2009 next week? If you or your customers are around on Monday 5/11, I (objectively)...
Author: cmaca Date: 05/06/2009
How to configure the Windows Server 2008 CA Web Enrollment Proxy
A co-worker posted an interesting blog about configuring the Windows Server 2008 CA Web Enrollment...
Author: MS2065 [MSFT] Date: 04/23/2009
Suite B PKI in Windows Server 2008 and Windows Server 2008R2
I'm happy to announce the availability of the Suite B PKI in Windows Server 2008 whitepaper. The...
Author: ltalbot Date: 04/15/2009
Certificate distribution and the Microsoft Terminal Services Client
A few days ago I worked in a test environment that also consists of a PKI. I used the Microsoft...
Author: MS2065 [MSFT] Date: 02/09/2009