Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 2: Virtual Smart Cards

Hey Everyone, I am back with part 2 of this 3 part series on TPM protected certificates. The topics covered in this are related to Virtual Smart Cards, their benefits, and lastly their limitations. I will also cover how to create a Virtual Smart Card. Management of certificates contained on the virtual smart card are…

Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 1: Microsoft Platform Crypto Provider

Hey Everyone, This is Wes Hammond with Premier Field Engineering back to share what I have learned about protecting digital certificates using the Trusted Platform Module in Windows desktops, laptops and servers. This is part one of a three part series that will include the Microsoft Platform Crypto Provider, Virtual Smart Cards, and lastly the…

Windows Server 2012 R2/IIS8.5 – Automatic Rebind of Renewed Certificates

Hello All, This is Wes Hammond with Premier Field Engineering back with a follow-up to a previous blog about automatic renewal of web site certificates. The original blog can be found in the references below. IIS 8.5 in Windows Server 2012 R2 includes a new option that allows certificates renewed via Auto Enrollment to rebind…

Constraints: what they are and how they’re used

Hey everyone, this is Wes Hammond from Premier Field Engineering and I wanted to share with you some info that I have gathered about setting up constraints. What are Constraints? Constraints are used to restrict certificate authorities that you DO NOT TRUST that are part of your chain. They come in the form of rules…

A novel method in IE11 for dealing with fraudulent digital certificates

Digital certificates are a key mechanism for establishing identity on the Internet. Trust in these certificates is a result of trusting the issuing entity – the Certification Authority (CA). Unfortunately, as a result of a number of CA related incidents over the past few years, that trust has been somewhat undermined. A number of approaches…

[CrossPost] Microsoft PKI OCSP Responder Now JITC Certified and Lab Setup Guide

For those that missed the big news on the Ask Premier Field Engineering (PFE) Platforms blog, our OCSP responder is now JITC certified.  This certification is important for customers looking to deploy our OCSP responder in US DoD environments.  Jesse Esquivel posted a really excellent explanation, and a lab guide to help folks get started…