Upgrade Certification Authority to SHA256

A common question in the field is about upgrading a certification authority running on Windows Server 2003 to use Crypto Next Generation (CNG) to support SHA256. CNG was introduced in Windows Server 2008 and higher operating systems, as a result,an upgrade to the operating system is required. After upgrading the certification authority’s operating system, you…


Renew Web Server (SSL) Certificates Automatically

Working with Internet Information Services (IIS) certificates can be a bit challenging especially during renewal time. Most organizations do not track Web SSL certificates which in turn might expire and cause an unplanned outage. Those who track this information on the other hand, have to make sure certificate are renewed before their expiration period or…


Windows PowerShell CRL Copy v2 posted to the gallery

Paul Fox has uploaded a revision of his former Windows PowerShell CRL Copy script. The new script is posted at the TechNet Gallery as Windows PowerShell Copy 2. The Windows PowerShell script monitors the remaining lifetime of a CRL, publishes a CRL to a UNC and\or NTFS location and sends notifications via SMTP and the Event Log.

PKI Library (PKI Documentation and Reference Library Updated)

Tonight I spent a couple of hours reorganizing the PKI Documentation and Reference Library. I also created a vanity short URL to it https://aka.ms/pkilibrary. Finding all our different information on AD CS and PKI can be challenging, so this reorganization will hopefully help you. If you see articles missing, broken links, or have suggestions –…

Windows Server 2012 Active Directory Certificate Services System State Backup and Restore

Windows Server 2012 System State Backup allows an administrator to back-up several Operating System components including those required for a successful restore of a Certification Authority. Any certification authority backup should include the private key, certificate database, logs and the certification authority’s registry configuration. Windows Server Backup Feature should be installed on the certification authority…


Certutil and Certreq

I have consolidated and updated two command line utilities recently: Certreq Certutil I took all the older links that I could find and pointed them to the locations above and then pointed out to the examples that we have already. Feel free to give me feedback on these consolidated documents. Thanks!