i am trying to implement Web Enrollment Pages on a different machine
then the Stand Alone RootCA
I encounter. the machines are not part of any domain
i am getting

Hi, a customer of mine has for a couple of years ago deployed en Standard CA
on Windows 2003. This CA were deleted/removed 6 month ago and replaced with a
new Enterprise Root CA. Now they realized that the old CA has deployed
computer certificates to all PC in the enterprise, and ...

We are setting up a pilot CLM 2007 FP1 environment.  We have obtained a
Microsoft Base CSP compliant Smart Card.  We have successfully configured a
Smart Card profile with the appropriate CA template.  We have defined all of
the CLM roles with the appropriate accounts/groups.  We ...

I am new to this area so please bear with me.
I have been asked to look at encryption on our laptops and data on our usb's
used. Does anyone know of any suitable method of storing a master encryption
key for unlocking encrypted files that users have set on their data. When we

In the "Microsoft Windows Server 2003 PKI and certificate Securty"
book page 108 table 6-3 I have a misunderstanding.
Value 2 description is fit value 8 label and vice versa
Did I get it wrong?

My understanding of certificate enrollment is that the generated certificate
request would support *all* of the CSPs named in the certificate template (if
the client generating the request supported them). I have since been advised
by a Microsoft person that this is not ...

I started doing auto enrollment of computers in preparation for RDP/TLS.
I've been widening the coverage in our root domain which has 8000 user
accounts and probably 2000-3000 Windows computers, mostly XP.
Failures to issue certificates started accumulating in one area of our

I have a large number of clients (~50,000) that require removal of a trusted
root CA cert that we added via group policy some time ago.
I have downloaded and installed the Capicom SDK 2.1.0.2 and tested using the
cstore.vbs sample script that comes with it.  The script works great ...

Once set, is it possible to make changes to the url that was set
initially on the Root CA via the capolicy.inf?  In this case an
environment that was to be accessible externally is now internal only
and the url needs to be updated.  I have tried updating the

In a Windows smartcard logon scenario, according to this KB paper
http://support.microsoft.com/kb/887578/en-us
in order to extend the validity period of a CRL in case of publishing
failure, it is necessary to edit the registry key

   We have a CA that has thousands of revoked certificates which
leads to CRLs os several MBytes.
   On the next nenewal of the CA, we are thinking of partitioning the
CRLs at each X number of issued certificates. The issued certificates

just getting into cryptography from an academic perspective and I
wondered if any of you had thoughts on the following scenarios
Suppose that an attacker has got hold of a piece of ciphertext that
has been

How important is configuring this plug-in?  I have CLM configured and
see that my auto-enrolled certificates are being published by the exit
module into the CLM SQL database.  I think that is all I really wanted
for those certificates as far as CLM goes.  What do I gain by

I have installed a 2-tier-PKI on Windows Server 2008. One
standalone-Offline-root-CA and one Enterprise-Online-SUB-CA.
It looks fine if I check with pkiview.msc but with certutil I have questions.
1. Can you send me examples of the syntax for certutil -verify -urlfetch? I

Hello, if I use delta CRLs and they expire, will this stop smart card
logon working?