Server 2008 R2 ADCS Migration Guide Beta

The beta version of the new 2008 R2 ADCS Migration Guide is now available at The guide describes the necessary steps for a successful migration of enterprise or standalone CAs from Windows Server 2003 and Windows Server 2008 to Windows Server 2008 R2. Also included are steps for migration to Server Core. This is a…


AD Schema Requirements for Windows PKI features

There have been a number of questions about Active Directory (AD) schema requirements for the Windows PKI features, so I decided this deserves a blog post. Cheat sheet: 1. Version 2 and Version 3 certificate templates require Windows Server 2003 (version 30) or later schema. It doesn’t matter if the CA that issues them is based…

How Certificates Are Created

The following text is a simple copy/paste from the TechNet article How Certificates Work (section How Certificates are Created). Why am I posting this information to the blog? Quite simple: I recognize that it is often overlooked that the key pair generation is always the very first step of a certificate creation. Certificates are issued…


Certificate Revocation Checking Whitepaper

A whitepaper on Certificate Revocation Checking in Windows Vista and Windows Server 2008 has been published on TechNet here – Topics in this whitepaper include:
· What’s new in Windows Vista and Windows Server 2008 revocation checking
· How revocation checking works
· How pre-fetching revocation information improves performance
· Support for independent OCSP signer…


Certificate Validation on Windows XP with Entrust SSP Issued HSPD-12 Certificates

On May 9th, 2009 Entrust Managed Services (provider of HSPD-12 certificates) performed a key update ceremony on the Entrust Managed Services Root and SSP certification authorities. HSPD-12 certificates issued after May 9th, 2009 will not work on the Windows XP operating system (i.e. RTM, SP1, SP2 and SP3). More information can be found in the…


BranchCache Deployment Guide for Windows Server 2008 R2 and Windows 7

A new deployment guide was published on Windows 7 BranchCache. It covers the PKI requirements for this feature along with other deployment procedures. The full guide can be found here: BranchCache Deployment Guide for Windows Server 2008 R2 and Windows 7


Introducing Certificate Template API

WARNING: USE OF THE SAMPLE CODE PROVIDED IN THIS ARTICLE IS AT YOUR OWN RISK. Microsoft provides this sample code “as is” without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose. In this post I would like to talk…

Using VBScript to install CA on WS2008R2 server core

In my previous post I provided a script used for setup and installation of a CA using VBScript. The same script is capable of installing a CA on server core, where there is no UI available for installing. With the script and a few possible additional steps it’s pretty easy to install a CA on…


Automated CA installs using VB script on Windows Server 2008 and 2008R2 [UPDATED]

Starting with Windows Server 2008, the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the setup and installation of a CA. Below is a script that is being used by the product team in our testing of Certificate Services….


Official Microsoft Team Blogs / Microsoft Blogs

If you are interested in reading more official Microsoft Team blogs, see This page is a great collection of valuable blog information.