Security and Assurance

Security and compliance in datacenters, private cloud and hosting environments.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Memory corruption issue on certificates mmc snap-in (german language)

    Reproduceable on Windows Server 2016 and Server 2019 (any many other versions with german language)

    -open mmc.exe and import the certificates snap in two times (user and computer)
    -open the "Personal Certificates"->"Certificates" Folder
    -Then click on "All Tasks" -> "Import..." -> Next -> Browse
    -Open the file type ComboBox

    Some random characters appear.

    https://social.technet.microsoft.com/Forums/office/en-US/f0736be4-7ff1-496a-9275-d5a8faf25b1d/memory-corruption-issue-on-certificates-mmc-snapin?forum=win10itprogeneral

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Certificates and CA  ·  Flag idea as inappropriate…  ·  Admin →
  2. import-pfxcertificate needs to support legacy private key storage format

    When using Import-PFXCertificate to import PFXs that contain a private key the private key appears to be stored using CNG "Microsoft Software Key Storage Provider" instead of the legacy format "Microsoft Enhanced Cryptographic Provider v1.0"

    Most Microsoft products can't read this format.

    The PS-Drive Provider "Certificate" can't even read keys in this format.

    It would be helpful to update the CMDLet to support CNG, however, as pointed out in this article: https://www.sysadmins.lv/blog-en/retrieve-cng-key-container-name-and-unique-name.aspx - almost no .NET apps use CNG because it has only been accessible via native APIs.

    Without being able to force the key storage format to the older…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Certificates and CA  ·  Flag idea as inappropriate…  ·  Admin →
  3. Install-AdcsEnrollmentPolicyWebService Ignores -WhatIf Parameter

    The following PowerShell command should NOT configure the Enrollment Policy Web Service, because it has the -WhatIf parameter:
    Install-AdcsEnrollmentPolicyWebService -AuthenticationType Certificate -Force -SSLCertThumbprint 'f0262dcf287f3e250d1760508c4ca87946006e1e' -KeyBasedRenewal:$false -WhatIf

    However, it does configure it. The same goes for Uninstall-AdcsEnrollmentPolicyWebService

    This is bad practice for PowerShell cmdlets. It is also preventing us creating a DSC resource to configure this feature.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Certificates and CA  ·  Flag idea as inappropriate…  ·  Admin →
  4. xcertificateimport

    When using the interactive Windows Certificates snap-in, a 3rd very important cert target store type can be selected:
    One can select "my user account", "computer account" and "service account" as target for certificates.

    xCertificateImport currently seems to only support 2 target store types:
    Location: 'LocalMachine' or 'CurrentUser'

    As an admin it would be very cool to be able to also use xCertificateImport to also manage service-related certificates, as there are otherwise no PowerShell means to do so and the GUI cert tool is a PITA, as its not scriptable. And there are Microsoft own services out there that needs such…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Certificates and CA  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add ECDSA Platform Crypto Provider

    Now that TPM 2.0 supports EC, the Platform Crypto Provider should support it.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Certificates and CA  ·  Flag idea as inappropriate…  ·  Admin →
  6. Rebuild Certificate Authority

    The whole CA management interface feels so overdue. i know the whole certificate thing wasnt built by microsoft and it pushed into the marked real fast (relatively speaking) so a solution had to be realized quick. The whole topic is very clumsy and involves so many manual steps that it gives lots of admins around the globe headaches. It is also very hard to learn and master due to the wrong tools i think.

    The certification management in exchange control panel 2013 seems a step in the right direction. I cant really tell you what to do, but im sure…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Certificates and CA  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base