Implementing LDAPS (LDAP over SSL)

LDAP over SSL (LDAPS) is becoming an increasingly hot topic, perhaps because Event Viewer ID 1220 is catching people’s attention in the Directory Service log, or just because people want client-to-server LDAP communication encrypted. The quick summary of what this is all about is that when an LDAP client accesses…


Deployment of the new Federal Common Policy CA Root Certificate

Background: On December 1, 2010 the Federal PKI Management Authority (FPKIMA), in compliance with NIST guidance, created a new SHA-256 Federal Common Policy root certification authority. Windows Update will include the new Federal Common Policy Root CA (FCPCA) certificate as part of the Microsoft Root Certificate Program on March 22, 2011. The FPKIMA will not…

CA manager approval required for certificate re-enrollment

Hi there, this is Larry, Developer from the US, and Fabian, PFE from Germany, writing about an uncommon scenario that might raise questions sometimes. When enrolling certificates to clients or users, you might want to have control regarding the initial enrollment of the certificate in order to decide if the specific device or user really should…


Quick Check on ADCS Health Using Enterprise PKI Tool (PKIVIEW)

PKIVIEW was first introduced in the Windows Server 2003 Resource Kit. The tool is installed by default when you install the Windows 2008 Active Directory Certificate Services role, and has been re-branded as “Enterprise PKI”. The tool is implemented as a snap-in for the Microsoft Management Console. Enterprise PKI gathers information through Active Directory about the…

Verifying The SSL Certificate Expiration with a tool

An active member of our community developed a very handy tool to verify, or rather monitor, the validity of SSL server certificates. After downloading and extracting the ZIP file, the tool is quite self-explanatory. Press CTRL+A or click Add Server Entry on the Server List menu. Once you have entered…

Common Questions about SHA2 and Windows

Since my last post about SHA2 and Windows I’ve received numerous questions from customers and partners around three particular scenarios. This post will try to address those questions. Windows XP/2003 Enrollment in SHA2 Signed Certificates: As covered in the previous post, Windows XP Service Pack 3 clients with KB 968730 can enroll SHA2 signed…