Introduction We have discussed common PKI setup issues in the past, and today we tackle a more common one that you may see. When going through the server manager and following the steps to create an Enterprise CA, you will come across an option to select the type of CA you are attempting to setup.Continue reading "Common PKI Setup Issues: Grayed Out Enterprise CA Button "| Encryption Consulting
A big part of setting up your PKI is ensuring web enrollment so that certificates can be distributed to users. There are many different issues that can occur, but one of the more common ones is the 401.2 HTTPS error you see below. This occurs when you have set a certificate for HTTPS communication, butContinue reading "Common PKI Setup Issues: Web Enrollment HTTPS Error 401.2"| Encryption Consulting
No matter what your experience level is, when setting up a PKI you can run into many issues. They may be more common issues or issues you have never seen before, so understanding how to handle these types of errors is very important. Part of the PKI setup process is running multiple certutil commands fromContinue reading "Common PKI Setup Issues: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)"| Encryption Consulting
Ensuring SSL certificates are replaced before expiration is vital to an organization's health. Dealing with expired certificates can be done in several ways| Encryption Consulting
You’re not alone if you have ever hit “Push” on the Simple Certificate Enrollment Protocol (SCEP) profile in your Mobile Device Management (MDM) only to find that nothing immediately happens. It’s a frustrating experience, especially when everything seems correctly configured. ... Read More| SecureW2
Introduction Running your own on-prem PKI (Public Key Infrastructure) can be a game-changer and it’s not just for enterprises, but... The post Building Your Own PKI with Step-CA – From Root CA to Proxmox Integration with ACME first appeared on gyptazy - The DevOps Geek.| gyptazy – The DevOps Geek
Standards| blog.ian.stapletoncordas.co
Learn how to troubleshoot and resolve Event ID 74 in AD CS, a common issue caused by CRL publishing failures. Discover root causes, solutions, and why timely action is critical for PKI health.| Encryption Consulting
Well, I was certainly hoping for this result, but wasn't necessarily expecting it! I'm pleased to report that Ballot SC-081v3 passed, and that shorter certificate lifetimes are now coming! The Schedule I will go into more detail later in the post, but right now, let'| Scott Helme
Discover how PKI strengthens security in banking and finance, ensuring compliance, trust, and resilience.| PKI Solutions
Stay ahead of emerging PKI threats in 2025. Discover key insights from our latest PKI Insights webinar on evolving risks and best practices.| PKI Solutions
Ensure compliance with Microsoft’s Strong Certificate Mapping enforcement. Learn how PKI Spotlight helps prevent authentication failures.| PKI Solutions
Enterprise applications and PKI should be an integral part to the security of an organization, but it is not always done. Learn how to do this in your company.| Encryption Consulting
Jason Bloomberg discusses AppViewX, the subject of a recent Intellyx Brain Candy.| intellyx.com
Deploy your Public Key infrastructure (PKI) on a cloud-based platform and understand the difference between the traditional PKI and PKIaaS along-with the workflow and supported use cases.| Encryption Consulting
Personally Identifiable Information (PII) is extremely sensitive data, which is why organizations use PII Data Encryption.| Encryption Consulting
Mark B. Cooper and Brian Komar delve into the evolution of PKI and share invaluable career insights along the way.| PKI Solutions
Code Signing helps verify that software is authentic and helps to validate that the code has not been tampered with by an attacker while in transit.| Encryption Consulting
As many others, I have been following the launch of Let’s Encrypt. Let’s Encrypt is a new zero-cost X.509 Certificate Authority that supports the Automated Certificate Management Environment (ACME) protocol. ACME allow you to automate creation and retrieval of HTTPS Continue reading Let’s Encrypt Clients→| Simon Josefsson's blog
I haven’t seen this before, so I thought I’d documment how to generate a server TLS certificate using CACert. This can be useful if you are running a mail or web server and easily (and cost free) want to support Continue reading CACert and GnuTLS→| Simon Josefsson's blog
In Istio 1.3, we are taking advantage of improvements in Kubernetes to issue certificates for workload instances more securely. When a Citadel Agent sends a certificate signing request to Citadel to get a certificate for a workload instance, it includes the JWT that the Kubernetes API server issued representing the service account of the workload instance. If Citadel can authenticate the JWT, it extracts the service account name needed to issue the certificate for the workload instance. Befor...| Istio Blog
Istio self-signed certificates have historically had a 1 year default lifetime. If you are using Istio self-signed certificates, you need to schedule regular root transitions before they expire. An expiration of a root certificate may lead to an unexpected cluster-wide outage. The issue affects new clusters created with versions up to 1.0.7 and 1.1.7. See Extending Self-Signed Certificate Lifetime for information on how to gauge the age of your certificates and how to perform rotation.| Istio Blog
Phil P| The Grumpy Troll
HARICA - the only non-DigiCert certificate authority offering .onion certificates (for Tor hidden services) - has recently switched over to signing new certificates with their 2021 CAs. Here are some cliff notes on how to use HARICA's cross-certificates in your trust chain if that becomes a problem for you or your website viewers.| tweedge's blog
Public Key Infrastructure is a solution created to protect your infrastructure, where signed certificates & hashes are used for identification & authentication.| Encryption Consulting
By Henry Birge-Lee, Grace Cimaszewski, Liang Wang, Cyrill Krähenbühl, Kerstin Fagerstrom, and Prateek Mittal Today we are announcing the development of a| Freedom to Tinker
Let's Encrypt now supports internationalized domain names|
A customer who uses Microsoft Advanced Threat Analytics (ATA) recently had severe issues with their ATA implementation. At first, the portal started to behave strangely, not showing all information…| Microsoft Security Solutions
I have previously blogged about the free publicly trusted certificate solution Let’s Encrypt, see here. In this post, I will show how you can request a certificate with a PowerShell script and prov…| Microsoft Security Solutions
I have several times encountered these issues, so it decided it was time to write a blog post about it. The situation You are using a proxy server for web communication. Direct communication to the…| Microsoft Security Solutions
An SSL certificate has a field called Subject. The Subject field contains the domain name that the certificate is valid for. Subject can only contain one domain name: The field Subject can have mor…| Microsoft Security Solutions
This blog post will guide you through the steps of obtaining a publicly trusted SSL certificate with up to 5 domain names, at no cost. There are no hidden costs, ads or referrals involved. You do n…| Microsoft Security Solutions
Best Practices from Microsoft when deploying Network Device Enrollment Service (available here) states: “Always set up the administrator site with SSL-only configuration. (Disable http access to th…| Microsoft Security Solutions
