Operating a PKI: Revoking Orphaned Certificates

Orphaned certificates are certificates that were issued by a Certification Authority, but of which the Certification Authority no longer has any knowledge after issuing them. This situation most commonly occurs after the restore of a Certification Authority. This is illustrated in the graphic below. In this example the CA is backed up at Time 0. After…


Operating a PKI: SMTP Exit Module

I am back to discuss the SMTP Exit Module.  The SMTP Exit Module is a very useful monitoring tool, yet so many are unaware of the SMTP Exit Module.  In this blog posting I am going to answer the following questions and address the following topics related to the SMTP Exit Module: What is an…


PKI Tip: More Certificate Store Shortcuts

Shortly after I posted PKI Tip: Certificate Store Shortcuts, Tom Aafloen (@TomAafloen) let me know of another easy way to access the Certificate Stores in Windows 8 & Windows Server 2012. Step 1.  Hold down the Windows key on the keyboard and press the W Key (Windows key + W key) to search settings. Step…


PKI Tip: Certificate Store Shortcuts

For those who spend time managing certificates, I wanted to highlight some shortcuts for certificate management. For a while now we have been able to directly access the Certificate MMC targeted for the Current User by launching certmgr.msc, which opens up the Certificate MMC targeted for the Current User as seen below. The Bad News…


Operating a PKI: CA Certificate Renewals and OCSP

CA Certificate Renewal has some effects on OCSP. OCSP provides revocation checking information for clients. For each CA, an OCSP Responder has a Revocation Configuration. Each Revocation Configuration has an OCSP Signing Certificate associated with it. The private key of the OCSP Signing Certificate is used to sign OCSP Responses so that…


Operating a Windows PKI: Renewing CA Certificates

In the previous blog posting (Operating a Windows PKI: Certification Authority Certificate Lifecycle and Renewals) I covered considerations for the CA Certificate lifecycle and when CA certificates should be renewed. In this blog posting, I am going to cover some additional considerations and walk through the process of renewing CA Certificates. CRLNameSuffix: Two important things to…


Operating a Windows PKI: Certification Authority Certificate Lifecycle and Renewals

In this blog post I am going to discuss managing the Lifecycle for CA Certificates as well as cover the actual process to renew CA Certificates. Number of Tiers: If an organization is looking to deploy a new PKI, we usually first discuss the type of overall design in…


Operating a Windows PKI: Removing Expired Certificates from the CA Database

Today, I am going to discuss removing expired certificates from the CA database. Every time a CA issues a certificate, it also stores a copy of the issued certificate in the CA database. Over time, the certificates that the CA issues expire. Once a certificate expires, it is no longer valid. Therefore, once a certificate expires…


Operating a Windows PKI

In my customer engagements I get a lot of questions about what tasks an organization should be doing in terms of operation and maintenance for their PKI. So, in this blog series I am going to cover the operational and maintenance aspects of a PKI. Below is the list of topics I plan on covering…


Fun with Windows Phone 8 and NFC

I currently have a Windows Phone 8 device, specifically the HTC 8X. One of the features in this phone is Near Field Communications (NFC). I had heard a lot about NFC so I wanted to try it out. So, I bought some NFC tags from Amazon. I found the tags by searching for windows phone 8…
