Sign in
|
Join
|
Help
Yuval Sinay
Yuval's blog.
Home
Contact
RSS
Atom
Comments RSS
Go
Tags
Active Directory
Active Directory Replication
Active Directory Tools
Antivirus
App-V
Azure
Backup
BCP
Cloud
Cloud Computing
Cloud Services
CRM
CRM 2011
Cyber
Cyber Security
Cyber Space
DAG
Database Availability Group
Debug
Deployment
Dev
Disaster Recovery Plan
DRP
E15
Encryption
Exchange
Exchange 15
Exchange 2003
Exchange 2007
Exchange 2010
Exchange 2013
Exchange Management Shell
Firewall
Group Policy
High-Availability and Disaster Recovery
Hyper-V
Hyper-V R2
Hyper-V R3
ISCSI
ITPRO
ITPRO. Microsoft Active Directory Topology Diagrammer
Kerberos
Linux Integration Services
LYNC
Lync 2010
Lync 2013
Lync Server
MBCA
MDOP
MDT
Microsoft .NET Framework
Microsoft Deployment Toolkit (MDT) 2012
Migration
MVMC
Office
Office 2010
Office 2013
Office 365
Office Customization Tool
Outlook
PKI
Power Shell
Remote Desktop
Remote Desktop Services
SBS
SCOM 2007
SCOM 2007 R2
Security
Security Guides
Shadow Copy
SQL
SQL 2008 R2
SQL 2012
SQL Security
System Center
System Center 2012
System Center 2012 Configuration Manager
System Center Virtual Machine Manager
Tech
TMG
TMG 2010
Tools
Troubleshooting
UAG
Veeam
Virtual Machine Manager
Virtualization
Visual Studio Team Foundation
VMM
VMware
VPN
VSS
VSS Provider
Web Deploy
Windows
Windows 2008
Windows 2008 R2
Windows 2012
Windows 8
Wireless
Archives
June 2013 (6)
May 2013 (6)
April 2013 (10)
March 2013 (13)
February 2013 (17)
January 2013 (10)
December 2012 (14)
November 2012 (12)
October 2012 (21)
September 2012 (16)
August 2012 (13)
July 2012 (15)
June 2012 (13)
May 2012 (16)
April 2012 (14)
March 2012 (16)
February 2012 (8)
January 2012 (7)
December 2011 (8)
November 2011 (13)
October 2011 (13)
September 2011 (16)
August 2011 (4)
July 2011 (16)
June 2011 (45)
May 2011 (22)
Navigation
Home
All Posts
RSS
Popular Tags
Browse by Tags
All Tags
»
PKI
(
RSS
)
Certificate
Digital Certificate
Exchange 2010
ITPRO
Microsoft System Center
Outlook Web Access
OWA
Public Key Infrastructure
SCE 2010
Security
Security Guides
SSL
How to renew User/Computer certificate without require to do application side changes
21 April 12 07:58 PM
|
yuval14
| with
no comments
The renewal process of user/computer certificate require (in the most of the cases) to implemented changes in the application side (e.g. IIS,Outlook etc.), As a workaround for this “limitation”, the renewal process of the User/computer certificate can be set to use exiting certificate key. However, using exiting certificate key may reduce the system security level, and this may lead to system/certificate compromise. Warring: To reduce the security risk of implementing changes in the Enterprise PKI...
Monitoring Workgroup computers by using SCE 2010
07 October 11 01:35 AM
|
yuval14
| with
no comments
Microsoft SCE 2010 is a light edition of Microsoft System Center products line. Monitoring Workgroup computers by using SCE 2010 is cover by the following Microsoft post: How to Prepare the Essentials Management Server to Manage Workgroup-Joined Computers However, you may found out that no information is available on the correct process to create a server certificate (that used for mutual authentication). The following Microsoft post cover the process how to create a server certificate. When you...
How to resolve Exchange 2010 error message: The Certificate Status could not be determined because the revocation check failed
20 September 11 05:31 PM
|
yuval14
| with
no comments
The following error/s may appear in the Exchange 2010 Management Console: “ Exchange 2010 Certificate Revocation Checks and Proxy Settings ” or “ The Certificate Status could not be determined because the revocation check failed ” Cause: 1. You may use a Proxy server that block access to the CRL. 2. The CRL isn't available. How to Debug this issue: Obtain any (current) certificate from the Certificate Authority and run the following command: “ certutil –verify –urlfetch C:\CertificateName.cer...
How to Publish Root Certificate and Intermediate Root Certificate in Active Directory
14 September 11 12:10 AM
|
yuval14
| with
no comments
To Publish Root Certificate and Intermediate Root Certificate in Active Directory, please use the following commands: Root certificate: certutil -dspublish -f RootCACertificate.crt RootCA Intermediate certificate: certutil -dspublish -f SubCACertificate.crt SubCA To publish the certificate/s to NTAuth store, please review the following knowledgebase: How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store Note: NTAuth store point to...
How to add Root Certificate and Intermediate Certificate to a Windows Operating System
13 September 11 11:46 PM
|
yuval14
|
1 comment(s)
If you are using a PKI (Public Key Infrastructure), you may found out that Root Certificate and Intermediate Certificate may need be installed manually for Workgroup computers. Also, in case that you don’t use Active Directory (e.g. GPO etc.) to publish the Root Certificate and Intermediate Certificate details, you may need to add this certificates manually. To accomplish this task, please use the following commands: Installing Root Certificate: “ Certutil -addstore -f Root MyRootCACertificate...
Finding DSConfigDN and DSDomainDN values by using Certutil
01 September 11 01:55 AM
|
yuval14
| with
no comments
DSConfigDN and DSDomainDN are two objects that should be taken care while designing PKI implementation (specially in case of using a Stand Alone Root CA and a Enterprise Sub CA). The following output provides you instructions how to obtain the required values from your Certificate Authority: C:\Users\administrator>certutil -getreg ca\DSConfigDN HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\lyncd omain-SRV5-CA\DSConfigDN: DSConfigDN REG_SZ = CN=Configuration...
Windows 2008 R2 Certification Authority installation guide
11 August 11 11:18 PM
|
yuval14
| with
no comments
Mr. Eyal Estrin wrote an excellent guide on “ Windows 2008 R2 Certification Authority installation guide ”. This guide provides a step by step guide how to install a Offline Root Certificate Authority and then setup a Enterprise Subordinate Certificate Authority. The guide can be obtain from the following link .
Error “Page Cannot be Displayed” may appear after replacing Exchange 2010 Certificate
03 July 11 08:19 PM
|
yuval14
| with
no comments
Symptoms: After replacing Exchange 2010 Certificate , the following error may appear during accessing Exchange 2010 OWA (Outlook Web Access): “ Page Cannot be Displayed ”. Reason: The imported certificate may not contain a “Private key”. Solution: During certificate export process, verify that “Export Private Key” checkbox has been marked. After completing the new certificate, import it the Exchange 2010 server and assigned it to the relevant services.