Windows Certificate Services – Setup a CRL
Setup a CRL KB ID 0000957 Problem One of the often-overlooked tasks in a Public Key Infrastructure (PKI) deployment is configuring your Certificate Services Certificate Revocation List (CRL). For smaller deployments with only one server, you don’t need to worry about complex design considerations (though a CRL doesn’t have to be hosted on a Certificate Services server). In my test environment, I have only one PKI server,...
VMware – Replace the ESX Certificate
ESX Certificate KB ID 0000974 Problem ESXi comes with a self-signed certificate, and for most people that’s fine, but some clients want to have a ‘Trusted’ certificate on theirs, and have their own PKI infrastructure for issuing them. Below I will generate a new certificate for my ESXi server using the Active Directory Certificate Services role on Windows Server 2012. Then replace the self-signed certificate with my new...
In Place Upgrade of Window Server
In Place Upgrade KB ID 0001895 Problem An in-place upgrade of a Windows Server, where you update an existing server installation to a newer version without reinstalling from scratch, can be a powerful way to bring older infrastructure up to date without the lengthy process of rebuilding a system and restoring data. The allure of this method lies in its simplicity and time efficiency; theoretically, you can go from, say, Windows...
Certificate Services 0xc8000202 Error
KB ID 0001639 Problem You will see this error if you are migrating a Certificate Services Server from Server 2008, (NOT Server 2008 R2) to Windows Server 2016, (or newer). Version of log file is not compatible with the Jet version 0xc8000202 (ESE: 514 Jet_errBadLogVersion) You will also see the following events logged; Event ID 17 Log Name: Application Source: Microsoft-Windows-CertificationAuthority Date: xx/xx/xxxx xx:xx:xx Event...
ASA Local CA Depreciated: Use Windows CA
KB ID 0001616 Problem I got an email about this last night, I rarely ever use the ASA as a Local CA, But that has now been completely depreciated, (post version 9.12(x)) The documentation tells us; Local CA server is deprecated in 9.12(1), and will be removed in a later release—When ASA is configured as local CA server, it is enabled to issue digital certificates, publish Certificate Revocation Lists (CRLs), and securely revoke issued...