Operating a PKI: Revoking Orphaned Certificates (Video)

This video covers the steps necessary to revoke orphaned certificates. Additional information on this topic is available at http://blogs.technet.com/b/xdot509/archive/2013/06/18/operating-a-pki-revoking-orphaned-certificates.aspx. Revoking Orphaned Certificats

0

Operating a PKI: Revoking Orphaned Certificates

Orphaned certificates are certificates that are issued by a Certification Authority, but after issuing the certificates the Certification Authority has no knowledge of the certificates.  This situation most commonly occurs after the restore of a Certification Authority. is illustrated in the graphic below.  In this example the CA is backed up at Time 0.  After…

0

Operating a PKI: SMTP Exit Module

I am back to discuss the SMTP Exit Module.  The SMTP Exit Module is a very useful monitoring tool, yet so many are unaware of the SMTP Exit Module.  In this blog posting I am going to answer the following questions and address the following topics related to the SMTP Exit Module: What is an…

1

Operating a PKI: CA Certificate Renewals and OCSP

There are some effects that CA Certificate Renewal has on OCSP.  OCSP provides revocation checking information for clients.  For, each CA an OCSP Responder has a Revocation Configuration.  Each Revocation Configuration has an OCSP Signing Certificate associated with it.  The private key of the OCSP Signing Certificate is used to sign OCSP Responses so that…

0

Operating a Windows PKI: Renewing CA Certificates

In the previous blog posting (Operating a Windows PKI: Certification Authority Certificate Lifecycle and Renewals) I covered considerations for the CA Certificates lifecycle and when CA certificates should be renewed.  In this blog posting, I am going to cover some additional considerations and walkthrough the process of renewing CA Certificates. CRLNameSuffix Two important things to…

1

Operating a Windows PKI: Certification Authority Certificate Lifecycle and Renewals

Certification Authority Certificate Lifecycle and Renewals In this blog post I am going to discuss managing the Lifecycle for CA Certificates as well as cover the actual process to renew CA Certificates. Number of Tiers If an organization is looking to deploy a new PKI, we usually first discuss the type of overall design in…

1

Operating a Windows PKI: Removing Expired Certificates from the CA Database

Today, I am going to discuss removing expired certificates from the CA database.  Every time a CA issues a certificate it also stores a copy of the issued certificate in the CA database.  Overtime the certificates that the CA issues expire.  Once the certificate expires it is no longer valid.  Therefore, once a certificate expires…

0

Operating a Windows PKI

In my customer engagements I get a lot of questions around what tasks an organization should be doing in terms of operation and maintenance for their PKI.  So, in this blog series I am going to cover the operational and maintenance aspects of a PKI.  Below is the list of topics I plan on covering…

0