Designing and Implementing a PKI: Part I Design and Planning

The series: Designing and Implementing a PKI: Part I Design and Planning Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation Designing and Implementing a PKI: Part III Certificate Templates Designing and Implementing a PKI: Part IV Configuring SSL for Web Enrollment and Enabling Key Archival Designing and Implementing a PKI:… Read more

Extended Validation support for websites using internal certificates

Hey all Rob here again. One feature that that is new with Windows Server 2008R2 / Windows 7 is the ability to configure your internal certification authority hierarchy in order to issue certificates that can show as Extended Validation certificates. So for those of you who do not know, this means that you will get… Read more

Mapping One Smartcard Certificate to Multiple Accounts.

Good morning world, Paul Fragale here to bring you the latest trend in smart card logon requests. Some people have been reading on our TechNet pages, such as Smart Card Authentication Changes, about the ability to allow users to have one smart card, one certificate on that smart card, and map to multiple users. This… Read more

Implementing an OCSP responder: Part IV – Configuring OCSP for use with Standalone CAs

Chris here again. In part I of this series we covered the basics of how OCSP works. We also covered the underlying reasons for deploying an OCSP Responder. In Part II we covered configuring the Certificate Authorities for whom which the OCSP Responder will check revocation status for on behalf of the clients. In Part… Read more

Implementing an OCSP responder: Part III – Configuring OCSP for use with Enterprise CAs

Chris here again. As promised I will be covering configuring an OCSP Responder to support Enterprise CA. I will also be covering validating your OCSP Configuration. Installing OCSP Responder Role The first step is to install the OCSP Responder Role. To install the OCSP Responder: Open a command prompt and type: servermanagercmd.exe –install ADCS-Online-Cert. Configuring… Read more

Implementing an OCSP responder: Part II – Preparing Certificate Authorities

Chris here again. In Part I we covered some of the basics and background information on the reason for the OCSP Responder and a basic understanding of how the OCSP Responder functions. So now we look towards implementing the OCSP Responder. However, before we move forward with the Install of the OCSP Responder we must… Read more

Implementing an OCSP responder: Part I – Introducing OCSP

The series: Designing and Implementing a PKI: Part I Design and Planning Designing and Implementing a PKI: Part II Designing and Implementing a PKI: Part III Certificate Templates Chris here again. For those Security Architects and PKI implementers, you may have known that since Windows Server 2008 we have an Online Certificate Status Protocol (OCSP)… Read more

How to configure the Windows Server 2008 CA Web Enrollment Proxy

Hi all, Rob here again. I had a case recently where the customer wanted to have the Windows Server 2008 Certificate Authority website loaded on another machine. For those of you that do not know, you can install the Windows Server 2008 CA web site pages on an alternate server from the CA. One reason… Read more

Successful Errors Installing Windows Server 2008 Certificate Authority

Oxymoron – a figure of speech by which a locution produces an incongruous, seemingly self-contradictory effect, as in “cruel kindness” or “succeeded with errors.” Hi, Ken here. Recently I encountered an issue where the customer was trying to install certificate services on Windows Server 2008. They installed the Active Directory Certificate Services role using Server… Read more