A policy module to tame them all: Introducing the TameMyCerts Policy Module for the Microsoft Certification Authority.

As a Certification Authority operator, you are (among other things) responsible for the identification of the enrollees and the confirmation of the requested identities. The fact that this task is carried out conscientiously and without errors is the central cornerstone for the trust that is placed in the Certification Authority. Well-known companies are already failed in this task, even had to file for insolvency as a result of misrepresentations and/or were severely punished by the major players on the market.

In many cases, we as enterprise (Microsoft) PKI operators (regardless of the quality involved) are able to delegate our task of uniquely identifying an enrollee to Active Directory. In many cases, however, we must also instruct our certification authority(ies) to simply issue whatever is requested.

Continue reading „Ein Policy Modul, um sie zu bändigen: Vorstellung des TameMyCerts Policy Moduls für Microsoft Active Directory Certificate Services“

The partition of the Hardware Security Module (HSM) runs full

Assume the following scenario:

  • A Certification Authority uses a Hardware Security Module (HSM).
  • The partition of the hardware security module fills up with more and more keys over the lifetime of the certificate authority.
  • At SafeNet hardware security modules, this can even cause the partition to fill up. As a result, the events 86 and 88 logged by the Certification Authority.
Continue reading „Die Partition des Hardware Security Moduls (HSM) läuft voll“