Browsed by
Category: PKI

Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 3

Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 3

To finish this series, in this article we will configure DNS records and the website which will host AIA and CDP locations. In the end, we will have a fully operational Two Tier PKI Hierarchy in Windows Server 2016 You can retrieve the other articles of this series following these links: Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 1 Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 2 You can obviously adapt theses…

Read More Read More

Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 2

Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 2

To continue this series, in this article we will continue the deployment of our Two Tier PKI Hierarchy in Windows Server 2016 by deploying the Enterprise Subordinate Issuing CA. You can retrieve the other articles of this series following these links: Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 1 Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 3 Like for the root CA, you need to install Active Directory Certificate Services…

Read More Read More

Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 1

Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 1

In this series, we will see how to deploy a two tier PKI hierarchy in Windows Server 2016: Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 2 Installing a Two Tier PKI Hierarchy in Windows Server 2016 – Part 3 If you are new to the enterprise PKI concepts, let me give you some vocabulary and best practices. In Windows Server using AD CS role, your PKI can have several forms using the different component based…

Read More Read More

Migrate Microsoft Certification Authority to SHA-2 Algorithm

Migrate Microsoft Certification Authority to SHA-2 Algorithm

Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing…

Read More Read More