Security and Assurance
Security and compliance in datacenters, private cloud and hosting environments.
-
Memory corruption issue on certificates mmc snap-in (German language)
Reproducible on Windows Server 2016 and Server 2019 (and many other versions with German language)
-open mmc.exe and import the certificates snap in two times (user and computer)
-open the "Personal Certificates"->"Certificates" Folder
-Then click on "All Tasks" -> "Import..." -> Next -> Browse
-Open the file type ComboBox
Some random characters appear.
1 vote -
import-pfxcertificate needs to support legacy private key storage format
When using Import-PFXCertificate to import PFXs that contain a private key, the private key appears to be stored using CNG "Microsoft Software Key Storage Provider" instead of the legacy format "Microsoft Enhanced Cryptographic Provider v1.0".
Most Microsoft products can't read this format.
The PS-Drive Provider "Certificate" can't even read keys in this format.
It would be helpful to update the cmdlet to support CNG, however, as pointed out in this article: https://www.sysadmins.lv/blog-en/retrieve-cng-key-container-name-and-unique-name.aspx - almost no .NET apps use CNG because it has only been accessible via native APIs.
Without being able to force the key storage format to the older…
6 votes -
Install-AdcsEnrollmentPolicyWebService Ignores -WhatIf Parameter
The following PowerShell command should NOT configure the Enrollment Policy Web Service, because it has the -WhatIf parameter:
Install-AdcsEnrollmentPolicyWebService -AuthenticationType Certificate -Force -SSLCertThumbprint 'f0262dcf287f3e250d1760508c4ca87946006e1e' -KeyBasedRenewal:$false -WhatIf
However, it does configure it. The same goes for Uninstall-AdcsEnrollmentPolicyWebService.
This is bad practice for PowerShell cmdlets. It is also preventing us from creating a DSC resource to configure this feature.
5 votes -
xcertificateimport
When using the interactive Windows Certificates snap-in, a 3rd very important cert target store type can be selected:
One can select "my user account", "computer account" and "service account" as target for certificates.
xCertificateImport currently seems to only support 2 target store types:
Location: 'LocalMachine' or 'CurrentUser'
As an admin it would be very cool to be able to also use xCertificateImport to also manage service-related certificates, as there are otherwise no PowerShell means to do so and the GUI cert tool is a PITA, as it's not scriptable. And there are Microsoft's own services out there that need such…
1 vote -
Add ECDSA Platform Crypto Provider
Now that TPM 2.0 supports EC, the Platform Crypto Provider should support it.
4 votes -
Rebuild Certificate Authority
The whole CA management interface feels so overdue. I know the whole certificate thing wasn't built by Microsoft and it pushed into the market real fast (relatively speaking) so a solution had to be realized quick. The whole topic is very clumsy and involves so many manual steps that it gives lots of admins around the globe headaches. It is also very hard to learn and master due to the wrong tools I think.
The certification management in Exchange Control Panel 2013 seems a step in the right direction. I can't really tell you what to do, but I'm sure…
10 votes