Questions tagged [pki]

Public Key Infrastructure is a cryptography system based on X.509 digital certificates, commonly used for encrypted communication and authentication.

OpenSSL and Windows Certificate Authorities are two commonly used software certification authorities.

228 questions

2 votes, 0 answers

Why might an SSL certificate fail to validate after the root certificate was installed?

I am building an openssl Certificate Authority for an intranet. I have root.crt, intermediate.crt which is signed by the root, and server.crt which is signed by the intermediate. I can validate the intermediate against the root #> openssl verify…
spraff

2 votes, 1 answer

How does EJBCA generate private keys?

I'm looking for the method used by EJBCA to generate the private keys in general (CA, Sub-CA, certificates...). Let's say, for instance, you want RSA 2048 key size. Is the generation process all done in the EJBCA application? Do they rely on Java EE-based…
Florent

2 votes, 0 answers

How does one create a certificate request for a managed service account in Windows?

I have a managed service account which needs a certificate in its personal store for decryption. I tried opening the Certificates snap-in and pointing to the service, but when I right-click on the "Personal" store the Request New Certificate option…

2 votes, 1 answer

Using virtual smart card for server-side keys?

Does anybody know if it's possible to store private keys, belonging to service account or computer account, on Windows 8 VSC (virtual smart card)? As far as I understand, requirement for 8-symbols (at least) PIN prevents it. Service process, like…
Cat Mucius

2 votes, 2 answers

ADCS - How can I diagnose the exact reason a certificate request was denied by a policy module?

I need to develop operational procedures to audit and understand why a specific request was rejected by an Active Directory Certificate Services (ADCS) Policy Module. I've attempted turning on all logging (checkboxes) in the GUI, and checked the…
makerofthings7

2 votes, 1 answer

Decom old CA and Basic EFS certificates

Getting very close to decommissioning our old CA. The new CA is in place and happily issuing certificates and the old CA has had all the templates removed so no certificates will be issued. My concern about the decommissioning process though is…
user35213

2 votes, 1 answer

override specific DN fields when signing csr

When signing CSR on CA side, how can I override specific DN fields by custom value? I want to ignore what is written in CSR. For example in C= and O= fields and replace them by something static. Other values, like CN=, should be accepted from…
mighq

2 votes, 1 answer

Convert PUB key to PKCS8 format on CentOS?

In Ubuntu, I can convert a pub key from OpenSSH format to PKCS8 format with the command: ssh-keygen -e -f .ssh/id_rsa.pub -m PKCS8 But in CentOS 6.4, when I execute the same command, it reports: ssh-keygen: illegal option -- m I read the man page of…
Locke

2 votes, 1 answer

What's the difference between managing certificates for a user account and for a computer account?

We have some domain-joined computers that were unable to import a third party root cert as a trusted cert provider. In trying to fix this, I noticed that when we go to use the certificate management snap-in, we get a prompt like in the screenclip…
daisy

2 votes, 1 answer

Unable to submit certificate request to 2k8R2 CA

I have created a two-tier CA using Windows Server 2008 R2. The .inf files used to create this standalone root and an enterprise subCA are at the end of this post. The root is installed OK and issued a certificate to the SubCA. The SubCA has in turn…

2 votes, 1 answer

Remove expired PXE certificates from SCCM

Our SCCM 2007 R2 environment, which runs in native mode, just had its PXE client certificates renewed. Now, the site server automatically blocks the old certificates, but it appears that there is no functionality to actually delete them. I know it…
newmanth

2 votes, 1 answer

Implications of Root CA without CRL

I'm currently setting up a PKI for my company and while I have come up with a good layout and planned the overall policy of certificate issuance, I'm still puzzled by what role the CRL plays. By looking at other root CA certificates installed in…
cvaldemar

2 votes, 0 answers

PKI user certificate credential roaming works on Windows 7, but not on XP SP3

We have implemented credential roaming for user certificates on our domain. Everything is set up per Technet in Certification Authority and Group Policy. User certificates are roaming correctly, but only on Windows 7 workstations. For some…
newmanth

2 votes, 2 answers

How to set a passphrase for an AWS X.509 private key?

I was rotating my AWS X.509 certificate and private key (not to be confused with SSH private/public key pair) today and decided I wanted to set a passphrase on my private key to better protect it. So I did a bit of research and ran: openssl rsa…
Hilton D

2 votes, 1 answer

PKI Issuing CA on Domain Controllers

I am setting up a PKI which will initially be used internally. As we may grow our use of this I have opted for a three tier hierarchy - Offline Root and Policy CAs (one Policy CA at the moment for internal use), and online issuing CAs. We had…
dunxd