In PKI, certificate lifespans have always been a balancing act between security and operational simplicity. The industry standard has preferred longer-lived certificates valid for one year, and sometimes even for two to three years. Longer-lived certificates require fewer renewals and fewer touchpoints, which means reduced human error. But in recent years, a new approach has […] The post Short-Lived Certificates: Worth the Hype or Operational Headache? appeared first on SecureW2.| SecureW2
In order to successfully configure a WPA2-Enterprise network, a RADIUS server is a must. The RADIUS authorizes and authenticates users signing into the network and eliminates any speculation into who is using your network. A properly configured RADIUS server can garner your organization tremendous advantages in regards to network security. However, many network security professionals […] The post How to Create a Cloud-Based RADIUS Server appeared first on SecureW2.| SecureW2
The National Institute of Standards and Technology (NIST) has officially released the first three PQC algorithms. The three algorithms are ML-KEM, ML-DSA, and SLH-DSA.| Encryption Consulting
Being compliant means meeting the minimum bar by following established rules and passing audits. It shows that your organization can align with frameworks, but it often reflects a snapshot in time rather than ongoing security. Resilience, on the other hand, is about preparing for the unexpected by building systems that can withstand failures, adapt to […] Continue reading "You’re Compliant, but Is Your PKI Truly Protected"| Encryption Consulting
A root CA key signing ceremony is the foundation of any Public Key Infrastructure (PKI). It’s a formal, controlled process where a root CA’s private key is generated, verified, and protected, with multiple participants overseeing each step to ensure trust, security, and compliance. Properly executed, it sets the standard for the entire certificate hierarchy. A […] Continue reading "Top 5 Root CA Key Signing Ceremony Mistakes to Avoid"| Encryption Consulting
Ensuring SSL certificates are replaced before expiration is vital to an organization's health. Dealing with expired certificates can be done in several ways| Encryption Consulting
You’re not alone if you have ever hit “Push” on the Simple Certificate Enrollment Protocol (SCEP) profile in your Mobile Device Management (MDM) only to find that nothing immediately happens. It’s a frustrating experience, especially when everything seems correctly configured. ...| SecureW2
Introduction Running your own on-prem PKI (Public Key Infrastructure) can be a game-changer and it’s not just for enterprises, but... The post Building Your Own PKI with Step-CA – From Root CA to Proxmox Integration with ACME first appeared on gyptazy - The DevOps Geek.| gyptazy – The DevOps Geek
Standards| blog.ian.stapletoncordas.co
Learn how to troubleshoot and resolve Event ID 74 in AD CS, a common issue caused by CRL publishing failures. Discover root causes, solutions, and why timely action is critical for PKI health.| Encryption Consulting
Well, I was certainly hoping for this result, but wasn't necessarily expecting it! I'm pleased to report that Ballot SC-081v3 passed, and that shorter certificate lifetimes are now coming! The Schedule I will go into more detail later in the post, but right now, let'| Scott Helme
Stay ahead of emerging PKI threats in 2025. Discover key insights from our latest PKI Insights webinar on evolving risks and best practices.| PKI Solutions
Ensure compliance with Microsoft’s Strong Certificate Mapping enforcement. Learn how PKI Spotlight helps prevent authentication failures.| PKI Solutions
Enterprise applications and PKI should be an integral part to the security of an organization, but it is not always done. Learn how to do this in your company.| Encryption Consulting
Deploy your Public Key Infrastructure (PKI) on a cloud-based platform and understand the difference between traditional PKI and PKIaaS, along with the workflow and supported use cases.| Encryption Consulting
Personally Identifiable Information (PII) is extremely sensitive data, which is why organizations use PII Data Encryption.| Encryption Consulting
Mark B. Cooper and Brian Komar delve into the evolution of PKI and share invaluable career insights along the way.| PKI Solutions
Code Signing helps verify that software is authentic and helps to validate that the code has not been tampered with by an attacker while in transit.| Encryption Consulting
As many others, I have been following the launch of Let’s Encrypt. Let’s Encrypt is a new zero-cost X.509 Certificate Authority that supports the Automated Certificate Management Environment (ACME) protocol. ACME allows you to automate creation and retrieval of HTTPS […] Continue reading Let’s Encrypt Clients→| Simon Josefsson's blog
I haven’t seen this before, so I thought I’d document how to generate a server TLS certificate using CACert. This can be useful if you are running a mail or web server and easily (and cost free) want to support […] Continue reading CACert and GnuTLS→| Simon Josefsson's blog
Phil P| The Grumpy Troll
HARICA - the only non-DigiCert certificate authority offering .onion certificates (for Tor hidden services) - has recently switched over to signing new certificates with their 2021 CAs. Here are some cliff notes on how to use HARICA's cross-certificates in your trust chain if that becomes a problem for you or your website viewers.| tweedge's blog
Public Key Infrastructure is a solution created to protect your infrastructure, where signed certificates & hashes are used for identification & authentication.| Encryption Consulting
By Henry Birge-Lee, Grace Cimaszewski, Liang Wang, Cyrill Krähenbühl, Kerstin Fagerstrom, and Prateek Mittal Today we are announcing the development of a| Freedom to Tinker
Let's Encrypt now supports internationalized domain names|
A customer who uses Microsoft Advanced Threat Analytics (ATA) recently had severe issues with their ATA implementation. At first, the portal started to behave strangely, not showing all information…| Microsoft Security Solutions
I have previously blogged about the free publicly trusted certificate solution Let’s Encrypt, see here. In this post, I will show how you can request a certificate with a PowerShell script and prov…| Microsoft Security Solutions
I have several times encountered these issues, so I decided it was time to write a blog post about it. The situation: You are using a proxy server for web communication. Direct communication to the…| Microsoft Security Solutions
An SSL certificate has a field called Subject. The Subject field contains the domain name that the certificate is valid for. Subject can only contain one domain name: The field Subject can have mor…| Microsoft Security Solutions
This blog post will guide you through the steps of obtaining a publicly trusted SSL certificate with up to 5 domain names, at no cost. There are no hidden costs, ads or referrals involved. You do n…| Microsoft Security Solutions
Best Practices from Microsoft when deploying Network Device Enrollment Service (available here) states: “Always set up the administrator site with SSL-only configuration. (Disable http access to th…| Microsoft Security Solutions