Kumar 30.01.2020 17:26 (GMT+2) Certutil tips and tricks: query cryptographic service providers (CSP and KSP)

Fantastic explanation.!

François 30.01.2020 12:55 (GMT+2) Add multiple Certificate Enrollment Service instances


Finally I managed to do it after reading this Ms doc : https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj590165(v=ws.11)?redirectedfrom=MSDN#to-install-a-certificate-enrollment-policy-web-service-that-uses-certificate-authentication

Before using this command : 

    >    Install-AdcsEnrollmentPolicyWebService -AuthenticationType Certificate -SSLCertThumbprint "xxxxxxxxxxxxxxxxxxxxxxxxx"

Execute this command: 

   >    cd cert:\LocalMachine\My


dahe 27.01.2020 08:51 (GMT+2) Designing CRL Distribution Points and Authority Information Access locations

Considering non-domain environments... When AIA is not configured, thus not avialable in certificates, then Root and Sub CA must be somehow available for CCE. The Root Cert should be installed in the Trusted Root Certification Authorities Certificate Store. But how about Subordinate CA/Intermediate CA certificate? I understand it must not be explicitly trusted, but must be available to CryptoAPI for CCE. Where to put it?

François 23.01.2020 11:00 (GMT+2) Add multiple Certificate Enrollment Service instances

Thank Vadims for your quick answer!

Perhaps I didn't fully understand this article but there are screenshots about IIS console with two CEP Applications ("ADPolicyProvider_CEP_UsernamePassword" and "ADPolicyProvider_CEP_Certificate") for example this one.


Vadims Podāns
Vadims Podāns 22.01.2020 21:03 (GMT+2) Add multiple Certificate Enrollment Service instances

It is correct: you cannot have multiple CEP (policy servers) instances on same server. Only multiple enrollment services (CES) are supported. And this blog post talks about CES, not CEP.