Archive for the 'Certificates' Category

Creating Certificate Requests Using the Certificate Snap-in — Pitfalls and Ladders

There have been a number of changes to the security certificate world lately. Validity periods have shrunk from 5 years to 3 years and now to 2 years. SHA256 has taken over the world. Wildcard certificates have gone from risky to accepted and supported in many scenarios.  All this means we are all rekeying and deploying certificate’s a lot more. Just to make it more fun, there are more options involved. So, it is best to make the task as error free and quick as possible.

Continue reading ‘Creating Certificate Requests Using the Certificate Snap-in — Pitfalls and Ladders’

Changing a Certificate Key Type from Signature to Exchange

Switching a certificate from ‘Signature’ to ‘Exchange’, or the reverse, is fairly easy. Just use the certutil utility.

Continue reading ‘Changing a Certificate Key Type from Signature to Exchange’

Changing a CNG Certificate key to Legacy

This can be done with OpenSSL.   This same technique can be used to change Legacy Key Provider types. 

Continue reading ‘Changing a CNG Certificate key to Legacy’