Group Protected PFX

A new feature is available in Windows Server 2012 and Windows 8 that allows you to protect exported PFX files (those in PKCS#12) to Active Directory Domain Services (AD DS) accounts. The feature is available only if you have a Windows Server 2012 domain controller deployed in your network. The TechNet Wiki article Certificate PFX…

Request File Can’t be Located during CA Certificate Renewal

During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article, I discovered that the Request file generated couldn’t be located in the default location of %systemDrive% . The Issuing CA didn’t log any errors in the Event Log, nor did it post any error messages. I…


Decommissioning an Old Certification Authority without affecting Previously Issued Certificates and then Switching Operations to a New One

Jonathan Stephens posted an excellent Blog about this topic; however, it didn’t include the steps. As a result, I decided to type this Blog detailing the steps required. The following assumptions have to be met before proceeding with these steps: 1- There is a new valid Certification Authority configured 2- There is a new distribution point configured…


Windows PowerShell script for Setting up a CA on Windows Server 2008 and Windows Server 2008 R2

Microsoft MVP, Vadims Podans, has written and posted a Windows PowerShell script that can be used to setup a certification authority (CA). He posted his Windows PowerShell Script on the TechNet Script Repository as Setup Certification Authority with PowerShell posted at