Questions tagged [pki]

Public Key Infrastructure is a cryptography system based on X.509 digital certificates, commonly used for encrypted communication and authentication.

OpenSSL and Windows Certificate Authorities are two commonly used software certification authorities.

228 questions
1 vote, 1 answer

Decommissioning PKI - How do I set a CRL Next update to null?

I am planning on deploying two Windows 2008R2 PKIs: One for legacy devices that don't support SHA-2 / ECP and another one that does support it. When the time comes to decommission the SHA1 environment I want to have the CRL next update be the last…
1 vote, 1 answer

How to publish a CRL for an internal Windows certification authority?

I have an Active Directory domain with an Enterprise Root Certification Authority in it; the domain uses a private domain name ("domain.local"), and we also have a public domain name ("domain.com"). The domain contains the following…
Massimo
1 vote, 1 answer

Does a VPN certificate request need to be encrypted

We have a Cisco 3000 VPN concentrator and use the Cisco VPN client to generate certificate requests, which we then create/authenticate on our certificate server. When the help desk generates the request, they sometimes email that to me, then I…
Kernel Panic
1 vote, 1 answer

Effect of native mode SCCM site server signing certificate RENEWAL on non-domain computers

We have a native mode SCCM installation on our network. For security reasons, we have two servers that are NOT domain joined, but have the native mode SCCM client installed (and functioning nominally). SCCM just renewed the site server signing…
newmanth
1 vote, 2 answers

How to debug missing enterprise root ca certificate?

We have an OpenSSL offline root CA with a Windows 2008 R2 AD-integrated SubCA. The OpenSSL Root CA was published to ldap CN=ROOTCANAME,CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=DOMAIN using certutil…
Jonathan
1 vote, 1 answer

Free OCSP server

I can't have OCSP with my current OS licensing (2008 R2 Standard) but I need this option. I'm hoping to avoid shelling out an additional $2300. Are there any open source products that could act as an OCSP responder for my existing internal…
Tim Brigham
1 vote, 2 answers

Requesting certificates fails in different site

I'm not really sure where to start looking. When requesting a certificate, a server always gets the error message "You cannot request a certificate at this time because no certificate types are available". Then for each certificate the error is "The…
marcwenger
1 vote, 1 answer

RDP Certificate Distribution Points

I am receiving the message "Your computer can't connect to the remote computer because the Remote Desktop Gateway's server's certificate has expired or has been revoked" when trying to access a TS gateway server published through Forefront. The…
1 vote, 1 answer

What should be the CRL publishing period for corporate environments?

I am trying to suggest a CRL publishing period for a Microsoft CA; the user certificates are going to be used for digital signature. There can be cases that a user certificate may be revoked. Normally what is the period to define, so that I can…
abmv
1 vote, 1 answer

Import Root CA into Trusted Root Certificate Store from a script

We're looking into the possibility of deploying our enterprise CA to users at their homes, and we're looking for a method to programmatically install a root CA. I noticed certutil isn't included on the default XP install. Does anyone know of a…
tearman
1 vote, 1 answer

SubCA certificate of trust

I have deployed a PKI infrastructure with a Stand-Alone Root CA (which will be kept off) and 4 Enterprise SubCAs which depend on this Root CA. To make the computers trust the Root CA, I am going to send the Root CA certificate to the domain…
1 vote, 1 answer

Is it possible to specify Active Directory PKI key size through CSR

When I request certificate from Letsencrypt, put key and fullchain.cer in nginx config - everything works fine. The same for Active Directory is not working. -I generate key (tried rsa 2048 or 4096 bits, ec with default curve and settings) -Then…
1 vote, 1 answer

High available PKI related questions with regards to CA/OCSP and NDES

I have some specific questions with regards a high available PKI based on ADCS. The questions are as follows. Please see the detailed info below to get more info on the casus. --------------------------- questions ------------------------ In an…
1 vote, 0 answers

Fedora Server 37 CA certificate store most equivalent to LocalMachine\root

Fedora Server 37 CA certificate store most equivalent to LocalMachine\root in a Windows environment? Background notes: I have plenty of experience in the Windows area for certificate management, but Fedora Server is a bit of a new beast. I am…
jcolebrand
1 vote, 1 answer

FreeRadius with mixed CAs

Is it possible to run FreeRadius (version 3.0.13) with two different CAs? So that I have a server certificate from one CA and the client certificates come from a different CA? Our current setup in /etc/raddb/mods-enabled/eap looks a bit like…
Thomas