How to avoid Delta CRL download errors on Windows Server 2008 with IIS7

If delta CRLs are hosted on a Windows Server 2008 server running Internet Information Server 7 (II7), the configuration of a request filter must be changed in the IIS7 configuration. IIS7.0 does not allow URI’s that do not match upon double escaping. Delta CRLs fall into that category because of the plus sign in the…

0

Update: Import the Root CA Certificate and CRL into an Intermediate CA from a Batch File

It came to our attention that the Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure whitepaper provides wrong guidance in section Import the Root CA Certificate and CRL into an Intermediate CA from a Batch File. The current documentation recommends that the CRL published by the Root CA is to be…

0

How to set up a CA with a CNG (ECC) certificate

One of the improvements of the Windows Server 2008 Certification authority is the support for Cryptography Next Generation (CNG) with Elliptic Curve Cryptography (ECC).   I have described the CNG capabilities in my Certificate Server Enhancements in Windows Server codename “Longhorn” whitepaper but after reviewing the paper recently I noticed that it does not exactly…

1