A fellow engineer at Microsoft, Roger Grimes, has published a great article on Implementing SHA-2 in ADCS.  You can read it at the link below: http://social.technet.microsoft.com/wiki/contents/articles/31296.implementing-sha-2-in-active-directory-certificate-services.aspx

Setting up NDES using a Group Managed Service Account (gMSA) Hallo everybody, this is Andy and Dagmar from Austrian Premier Field Engineering (PFE) describing how to implement NDES using a gMSA (instead of a normal domain user account). When creating a lab on how to implement NDES (Network Device Enrollment Service) on Windows Server 2012…

Hey Everyone, I am back with the last part of this 3 of this series on TPM protected certificates.  The last topic for this series is on Key Attestation.  Recently I have had a few people ask me about the Key Attestation tab in Windows Server 2012 R2.  Another person informed me they tried to…

Hey Everyone, I am back with part 2 of this 3 part series on TPM protected certificates.  The topics covered in this are related to Virtual Smart Cards, their benefits, and lastly their limitations.  I will also cover how to create a Virtual Smart Cards.  Management of certificates contained on the virtual smart card are…

Hey Everyone, This is Wes Hammond with Premier Field Engineering back to share what I have learned about protecting digital certificates using the Trusted Platform module in Windows desktops, laptops and servers. This is part one of a three part series that will include the Microsoft Platform Crypto Provider, Virtual Smart Cards, and lastly the…

Hello All, This is Wes Hammond with Premier Field Engineering back with follow up to a previous blog about automatic renewal of web site certificates.  The original blog can be found in the references below. IIS 8.5 in Windows Server 2012 R2 includes a new option that allows certificates renewed via Auto Enrollment to rebind…

Hey everyone this is Wes Hammond from Premier Field Engineering and I wanted to share with you some info that I have gathered about setting up constraints. What are Constraints? Constraints are used to restrict certificate authorities that you DO NOT TRUST that are part of your chain.  They come in the form of rules…

Digital certificates are a key mechanism for establishing identity on the Internet. Trust in these certificates is a result of trusting the issuing entity – the Certification Authority (CA). Unfortunately, as a result of a number of CA related incidents over the past few years, that trust has been somewhat undermined. A number of approaches…

For those that missed the big news on the Ask Premier Field Engineering (PFE) Platforms blog, our OCSP responder is now JITC certified.  This certification is important for customers looking to deploy our OCSP responder in US DoD environments.  Jesse Esquivel posted a really excellent explanation, and a lab guide to help folks get started…