How to determine expiring certificates?

One question I get asked often is “How to determine what certificates are expiring?”.  This is especially critical for certificates that are not enrolled for with autoenrollment.  This is due to the fact that autoenrollment will renew certificates.  However, when requesting a certificate for a server, often the Subject or SAN are supplied in the…

0

Upgrading Your PKI from Windows Server 2003 to Windows Server 2008 R2 Part III: Upgrading Standalone Certification Authorities (Offline Root CAs / Offline Policy CAs)

In this segment I am going to cover upgrading Standalone Certification Authorities. Standalone Certification Authorities are Certification Authorities (CAs) that do not use certificate templates for forming and validating certificate requests. Standalone CAs can be joined to an Active Directory Domain or can be joined to a workgroup. In this segment I am going to…

0

Upgrading Your PKI from Windows Server 2003 to Windows Server 2008 R2 Part II: Upgrade Considerations

Today, I am going to talk about some things that you should consider before upgrading your existing PKI. The first question is “Are you happy with your existing PKI?” PKI is a niche technology. Many organizations setup a PKI with limited experience with this technology. As such many times an organization’s PKI is not configured…

0

Upgrading Your PKI from Windows Server 2003 to Windows Server 2008 R2 Part I: Why Upgrade?

A lot of my customer site visits are for upgrading a customer’s PKI from Windows Server 2003 to Windows Server 2008 R2.  I am going to cover the steps for upgrading a PKI in future postings in this series.  However, before getting into the upgrade process, it is important to know why you may in…

1

Windows PKI Resources

I had been thinking about compiling a list of PKI references.  However, I noticed Kurt Hudson has already done this work.  So, if you are looking for a great list of PKI resources, here you go: http://social.technet.microsoft.com/wiki/contents/articles/windows-pki-documentation-reference-and-library.aspx -Chris

0

Autoenrollment for Offline Certificate Templates

One headache for System Administrators has been renewing certificates generated from Offline Templates. Relief from this arduous task is available in Windows Server 2008 R2. Certificate Templates that are configured so that the requestor must provide the identity in the request are called “Offline” Certificate Templates. And one of the disadvantages to “Offline” Certificate Templates…

0