Skip to main content
Server Fault

Questions tagged [pki]

Ask Question

Public Key Infrastructure is a cryptography system based on X.509 digital certificates, commonly used for encrypted communication and authentication.

250 questions
Newest Active Bountied Unanswered
0 votes
0 answers
104 views

I wan't to add a batch script to verify xml signatures. The keys are in x509 certificates (all.pem). All 3 certificates are in the pem file: signing, ca and root - in that order. I also have an <ds:...
Tobi's user avatar
  • 1
0 votes
1 answer
502 views

I have two certificates on my Domain Controllers: Name: Kerberos Authentication Validity: 1 year Key length: RSA 2048 Hash: SHA-256 Name: Domain Controller Authentication Validity: 5 years Key ...
Cell-o's user avatar
  • 465
6 votes
3 answers
796 views

I am an Infrastructure Engineer for an organization. We have one Root Certificate Authority(RootCA) and one Subordinate Certificate Authority(SubCA). The RootCA is kept in an offline/disconnected ...
Higgden's user avatar
  • 61
0 votes
1 answer
105 views

There are applications and/or appliances that work with LDAPS. Here, the Kerberos Authentication template period is 1 year. Normally, it is automatically renewed with auto-enrollment. Will there be an ...
Cell-o's user avatar
  • 465
0 votes
1 answer
86 views

I have Kerberos Authentication already. Kerberos Authentication template - validity periods : 1 years Domain Controller Authentication - validity periods : 5 years I want to remove Domain Controller ...
Cell-o's user avatar
  • 465
4 votes
1 answer
462 views

I'm setting up CDP and AIA on a Windows Server certificate authority. It works with HTTP and LDAP locations, but it fails to obtain CRLs from a UNC network path like \\<server name>\CRL$\<...&...
visilii's user avatar
  • 73
0 votes
1 answer
413 views

I'm attempting to setup a two-tier level Certificate Authority Service using AD CS (all VPS are running Windows Server 2022) with an offline root CA and Enterprise Subordinate CA. My architecture ...
Michal's user avatar
  • 1
1 vote
0 answers
322 views

Need some help with PKI issue. I have PKI in our domain and auto-enrollment policy is configured. All domain computers succesfully obtain personal cert. So no problem with it. Now I need to revoke ...
Posix's user avatar
  • 23
0 votes
0 answers
298 views

I've built a new 2022 PKI hierarchy in our environment that I would like to start issuing Domain Controller Certificates from (Kerberos Auth, DirectoryEmailReplication templates). The problem is that ...
Jay M's user avatar
  • 11
1 vote
1 answer
228 views

We are replacing our Windows Server 2012 Certificate Enrollment Service/ Certificate Enrollment Policy (CESCEP) IIS server with two new IIS servers configured in HA, using an internal DNS that will ...
Jay M's user avatar
  • 11
0 votes
0 answers
111 views

I am aware that one may use graphical tools to use one's PIN authenticate to one's SmartCard and afterwards delete a certain container on it. However, I would like to do that in a script, and all that ...
Bernd Schwanenmeister's user avatar
  • 552
1 vote
0 answers
1k views

We recently upgraded from RHEL7 to RHEL8 and one of this issues that wasn't straight forward to handle is how to utilize cURL with client certificates after cURL removed support for NSS? Previously, ...
klog's user avatar
  • 111
1 vote
2 answers
4k views

I have FreeIPA on Rocky 8. I installed custom certs from LetsEncrypt using the command ipa-cacert-manage -p DM_PASSWORD -n NICKNAME -t C,, install ca.crt ipa-certupdate ipa-server-certinstall -w -d /...
cclloyd's user avatar
  • 623
0 votes
0 answers
464 views

I've a Windows PKI system running with Luna Network HSM 7 and need to use a certificate which its private key resides in the HSM and not exportable by design of the system. This cert was generated ...
Metin Ozkan's user avatar
  • 1
2 votes
3 answers
4k views

What is the Subject Names / Subject alternative names and how do they differ from each other? Specially the template below "subject name" tab. What does that change in the normal certificate ...
kambm's user avatar
  • 63

15 30 50 per page
1
2 3 4 5
17