Questions tagged [pki]

Public Key Infrastructure is a cryptography system based on X.509 digital certificates, commonly used for encrypted communication and authentication.

OpenSSL and Windows Certificate Authorities are two commonly used software certification authorities.

228 questions
0 votes, 1 answer

How do I use PSPKI cmdlets without installing the Module components?

I want to use the PowerShell PSPKI module cmdlets without installing the module components on my CA. Is this possible?
0 votes, 1 answer

Apache doesn't accept the key for a certificate when that certificate is bundled with its issuer

I am setting up a Certificate Authority for an intranet. There is a root certificate which will be installed on all the network machines, an intermediate certificate signed by the root, and an HTTP server certificate signed by the intermediate. I…
spraff
0 votes, 1 answer

Migrating PKI and CA of a Domain Controller that needs to be demoted

I have a Domain Controller that for some reason beyond me has ADCS installed on it. The domain controller is a 2008 R2 server and needs to be demoted, but first I need to do one of two things. This same server also runs DHCP, NPS (RADIUS server), and…
veel84
0 votes, 0 answers

Invalid CRL distribution points in certs after CA migration

I have recently migrated an Enterprise CA from a Windows Server 2003 box to a Windows Server 2012 R2 box using the Active Directory Certificate Services Migration Guide. The CA was running entirely on the one machine, and looks as though it was a…
dbr
0 votes, 1 answer

Can I set up logstash with windows generated certs instead of openssl?

Going through this tutorial. They use openssl to generate certs to use with logstash, i.e. this command: sudo openssl req -subj '/CN=ELK_server_fqdn/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out…
red888
0 votes, 1 answer

PKI SHA1 Upgrade - Thumbprint Algorithm Explanation

PKI SHA1 Upgrade - What is the difference between the Signature Algorithm and the Thumbprint Algorithm?
Matt L.
0 votes, 0 answers

SHA1 Migration to SHA2 - ADCS Windows 2012 R2

I am a little new to AD CS and I was tasked with upgrading our entire PKI infrastructure from SHA1 to SHA256 for the SHA1 deprecation. I have read somewhere that SHA256 can read SHA1 hashes. This doesn't seem right to me so I was curious if anyone…
Matt L.
0 votes, 1 answer

CSR: Extract PKCS#10 contained in a PKCS#7

Hi everyone: let's see if someone can help me ;) I'm quite noob at this field so please be gentle. At my job someone passed me a CSR. This CSR is a PKCS#10 request enveloped in a PKCS#7 request. My task is to extract this PKCS#10 request. I found this…
Noob_Number_1
0 votes, 0 answers

How to purge roaming credentials from AD user objects?

Background: Due to low-budget constraints we are using roaming credentials instead of smart cards in our environment. Problem: Now we have recognized that the relevant AD user attributes became quite large, particularly msPKIDPAPIMasterKeys and…
Matthias Güntert
0 votes, 0 answers

"Manual User Signing & Encryption Certificates Enrollment" profile in Dogtag CA doesn't work with fresh installation

After Dogtag 10 installation (step by step by video tutorial), when I try to submit the request "Manual User Signing & Encryption Certificates Enrollment" (3rd option) to the CA through the CA end-entity (end user web interface), I get the following error: Sorry, your…
0 votes, 0 answers

Apache2 + Mod_SSL user management

I'm currently playing around with PKI auth on my Apache2 server and I was just wondering if there is a quick/easy way to add/remove users from the SSLRequire line? Right now I have something like this: Options FollowSymlinks …
tparrott
0 votes, 2 answers

Subject Alternative Name when internal and external hostnames differ

I have two servers in an Active Directory domain. Both servers have apps that run in Tomcat. I'm ordering PKI certificates for these two servers. The servers are members of the AD domain "ourInternalNetwork.com". The majority of systems on this…
Michael Cornn
0 votes, 1 answer

"The private key for the certificate that was configured could not be accessed."

I'm trying (and failing) to replace the certificates for an ADFS 2.0 stand-alone installation. I've generated the certificates and placed them in the local machine store. But, no matter what I do, I inevitably end up with the same error being…
0 votes, 0 answers

PKI and Direct Access UAG

I have a two-tier PKI infrastructure with an offline root CA and two Enterprise Intermediate Certification Authorities set up to auto enroll certificates. I have set up auto enrollment in default domain GPO within Active Directory for machine…
Steve
0 votes, 2 answers

Using Direct Access to allow mobile users to have GPO and the Domain experience

I'm interested in using Direct Access mainly so I can apply GPO to mobile clients and control the "domain experience" these users have. Q: Does Direct Access allow end users to transparently work this way? I'm in the process of setting up a test…
makerofthings7