JoinNow 8.0: Adaptive Defense, ACME for Server Certs, and More!
Trust rules how the world works. It’s the foundation of personal relationships, how we choose who to do business with, and how we grant people (and now non-human identities) access...
The DoD Just Confirmed What We’ve Been Saying All Along: Trust Must Be Earned
Even the DoD Knows the Perimeter is Dead “There is no such thing as a secure system.” —Lisa Porter, Former Deputy Undersecretary of Defense for Research and Engineering The U.S....
What does a modern PKI team structure look like?
Public Key Infrastructure (PKI) is like experiencing a renaissance. PKI, formerly thought to be the realm of cryptography specialists and obsolete hardware, is now a strategic enabler of business identity...
Why Isn’t my SCEP Profile Working?
You’re not alone if you have ever hit “Push” on the Simple Certificate Enrollment Protocol (SCEP) profile in your Mobile Device Management (MDM) only to find that nothing immediately happens....
ACME Device Attestation: Strengthening Certificate-Based Security
Public Key Infrastructure (PKI) was never designed for an environment where devices could drift out of compliance within hours, sometimes minutes, of being trusted. And yet, many organizations still rely...
Dynamic PKI: Continuous Authentication for Modern Security
Traditional authentication models have relied on static trust. Once a device or user is authenticated a single time they typically remain trusted indefinitely. This model assumes continuous security from a...
Why Does Certificate Lifecycle Management Automation Need Continuous Authentication?
Enterprises are relying more on automated solutions to manage the lifecycle of digital certificates. Certificate Lifecycle Management (CLM) has evolved from a manual, error-prone process to an automated, API-driven workflow...
What’s the difference between device authentication and device attestation?
Device security is more important than ever. Just one compromised device can give attackers access to your whole network. Because of this, security professionals depend on device attestation and authentication....
SCEP vs. Dynamic SCEP
Simple Certificate Enrollment Protocol (SCEP) streamlines secure certificate issuance across networked devices, enabling scalable authentication and encryption. Instead of relying on manual provisioning, SCEP automates the process, allowing devices to...
Top PKI Management Tools For A Network
Organizations should prioritize automated certificate lifecycle management to maintain complete visibility and granular control over who and what accesses their network. Managing certificates manually—distributing, renewing, and revoking them—quickly becomes tedious...
Complete Guide To Certificate Authorities
Imagine walking into a vast library, seeking a single book among millions. Without a librarian or a catalog system, you’d be lost. In many ways, the internet is that library,...
Without Server Certificate Validation, WPA2-Enterprise Isn’t Secure
Your users have strong, unique passwords, your networks are protected with WPA2-Enterprise encryption, and you use 802.1x for authentication. WPA2-Enterprise is the gold standard when it comes to security, so...
Microsoft PKI Best Practices
A Public Key Infrastructure (PKI) is an 802.1x network security solution that uses public-private key cryptography to authenticate users for online resources. PKIs can be configured to authenticate for Wi-Fi,...
What Are Virtual Smart Cards?
In the world of authentication cybersecurity, a device growing in popularity is the Smart Card. A smart card, like those produced by Yubico, is a cryptographic tool that allows users...
SHA-2 vs ECC: Digital Certificate Encryption Advancements
Cryptographic systems are at the heart of digital certificates, enabling encryption, authentication, and integrity. SHA-2 and ECC are two pivotal technologies that protect everything from SSL certificates to system integrity...
[Solved] Jamf Casper Certificate Error
Apple devices and gadgets have been unparalleled in cutting-edge technology and customer satisfaction over the years. In a recent interview, the CIO of Jamf Linh Lam predicted Apple to reach...
The Dangers of Self-Signed Certificates
Self-signed certificates continue to pose critical risks to organizations prioritizing secure communication. While they may seem convenient for quick deployments, their inherent vulnerabilities can lead to severe security and operational...
Solved: Error “Cannot Manage Active Directory Certificate Services”
Admins configuring Active Directory Certificate Services (AD CS) for their network may encounter the following error message: Cannot manage active directory certificate services. The system cannot find the file specified:...
What is PIV (Personal Identity Verification)?
Personal Identity Verification (PIV) is a security standard detailed in NIST FIPS 201-2 that creates a framework for multi-factor authentication (MFA) on a smartcard. While PIV was originally designed for...
A Guide to Server Certificates
Server security is critical in today’s digitally driven environment. The server certificate, a digital document that verifies the identification of a website or server, is fundamental to Internet communication security....
All that You Need To Know About Public Key Encryption
We are living in a time where wireless security is imperative because private data and personal information are uploaded online. As the amount of online data increases, so does the...
Why is It Safe to Migrate AD CS from SHA-2 to SHA-1 In 2024?
It’s imperative for organizations to fully switch from SHA-1 to SHA-2. The National Institute of Standards and Technology (NIST) stated SHA-1 should not be trusted, PCI Compliance scanners no longer...
Why Do You Need S/MIME Encryption In Network Security
S/MIME stands for “Secure/Multipurpose Internet Mail Extensions”. It’s an IETF standard for public key encryption and creating a digital signature for MIME data. In essence, S/MIME uses a PKI to...
An Overview Of Certificate Revocation List In A PKI
What is a Certificate Revocation List? A certificate revocation list, more commonly called a CRL, is exactly what it sounds like: a list of digital certificates that have been revoked....
Benefits of Digital Certificates For Secure Eduroam Wi-Fi
Eduroam has become crucial for colleges worldwide, providing students and staff with seamless, cross-campus Wi-Fi connectivity. However, as more institutions use Eduroam as their principal Wi-Fi network, security and accessibility...
Certificate Lifetimes – Is 20 Years Too long?
Over the last few years, software makers have begun cracking down on certificates that do not expire soon enough. Most browsers will reject any SSL certificate with a lifetime longer...
The Importance of Device Attestation for Zero Trust
Here, you can learn the concepts of device trust and cryptographic principles of attestation in ensuring security of your organization.
Adding a Trusted Root Certificate Authority to Group Policy Objects
Organizations that want the best in authentication security should look no further than certificate-based authentication. When compared to using credentials for authentication, it’s simply no contest. The two pillars supported...
PKI Smart Card Authentication for Enterprise
Companies and governments around the world are finding more and more uses for PKI smart cards – especially for identity management. These tiny chips can be found in a multitude...
How to Check if a Digital Certificate is Revoked
A critical component of EAP-TLS certificate-based authentication is properly managing certificates, which includes confirming that they have been properly revoked AND placed on the list of revoked certificates so the...
What is the Trusted Root Certification Authorities Store?
A Certificate Authority (CA) is the entity that handles the certificate distribution for a PKI. Certificate Authorities assist in validating the identities of different websites, individuals, and devices by providing...
OCSP vs CRL: The Best Bet To Revoke Certificates In A PKI
OCSP support is not included in the current roadmap of SecureW2 for some key reasons. Here’s a brief overview of your options for certificate revocation: What is OCSP OCSP stands...
A Guide To Client Certificate Mapping In Active Directory
Certificate mapping, in a general sense, refers to the tying of an identity to an X.509 digital certificate. In practice, the term is mostly used in the context of Microsoft’s...
A Guide To Configure Certificates In Your Yubikey PIV Slots
Physical security tokens like the Yubikey have smartcards that can be configured to store several certificates, the quantity of which depends on the specifications of the secure cryptoprocessor at the...
How To Renew SSL and Client Certificates For Secure Network
Automate certificate distribution and lifecycle management with industry best managed PKI solution. Continue reading to know more.
Best Practices for Storing X.509 Private Keys
X.509 certificates play a crucial role in guaranteeing the authenticity and integrity of communications. However, organizations that rely on the security provided by certificates also need to address a concern:...
SCEP Security Best Practices
Simple Certificate Enrollment Protocol (SCEP) makes certificate issuance easier, scalable, and secure. SCEP relies on HTTP and uses RSA cryptography. It lacks support for online certificate revocation, thus limiting its...
Guide to AD CS Policies and Enforcement
What is AD CS Used For? Active Directory Certificate Services (AD CS), a Windows server software solution, is used for issuing and managing x.509 digital certificates and provides Active Directory...
What is PKCS11?
High-profile data breaches from major organizations such as Equifax, Solar Winds, and even the White House have pushed network security into the forefront of the public eye. One method of...
Can I Use Let’s Encrypt for an Enterprise?
When it comes to accessible Certificate Authority (CA) solutions that are easily available and free, Let’s Encrypt is second to none. They’ve enabled countless people and organizations to enable certificate-based...
Top 3 Ways To Troubleshoot Common Okta Certificate Errors
Okta is one of the leading Identity and Access Management (IAM) service providers for enterprises around the globe. Okta supports binding identities to digital certificates, but you might encounter one...
Certificate Management Guide For Google Workspace
Google Workspace is one of the most common Identity Providers used by enterprises today. The Google ecosystem includes a number of easy tools organizations can use in their daily operation,...
Guide: How To Build A PKI Certificate Authority
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates. A digital certificate certifies the ownership of a public key by tying it cryptographically...
Overview: Root And Intermediate Certificates
One of the main problems in online communication is trust. Let’s say you communicate with your bank through their website: how can you be sure the bank’s page is real...
Configure Okta Client Certificate Authentication
In this article, you can learn integrating digital certificates with one of the leading identity providers, Okta.
Guide: TLS Authentication and How It Works
The essence of Transport Layer Security (TLS) requires understanding two key concepts: encryption and authentication. While encryption ensures that the data transmitted between your browser and the web server is...
X.509 Digital Certificates Explained
In order to run a certificate-based network, admins need to understand how to create and configure X.509 certificates. X.509 is a cryptography standard for defining a public key certificate. X.509...
Analysis Of Windows On-Premise vs. Cloud PKI Servers.
The definition for a Public Key Infrastructures (PKIs) varies among cyber security professionals, but is generally considered a collection of components that give everything an organization needs to issue and...
An Overview of Server Certificate Validation in Android 13
Integrating the capabilities of two leading operating systems, Android and Windows, have been a dream for most tech-savvy enthusiasts across the globe. Microsoft is going to offer this upgrade by...
Best Practices for Certificate Authority Management
An ever-growing trend in authentication cybersecurity is the replacement of credential-based authentication with certificates. Credentials are simply incapable of protecting a secure network. According to the 2019 Verizon Data Breach...
AD CS Certificate and Security Configuration Exploits
Active Directory Certificate Services (AD CS) is a critical platform in cybersecurity, providing infrastructure for managing certificates within an organization. At the heart of AD CS lies the Public Key...
The Four Stages of a Certificate Lifecycle
Digital certificates are electronic credentials that are used to authenticate the identities of individuals or devices using a particular network. It’s helpful to think of certificates with similar functionality as...
What is TLS Encryption?
Transport Layer Security is a protocol that ensures privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today and is incorporated into web...
A Comprehensive Review of Certificate Pinning: The Challenges and Alternatives
While digital certificates undoubtedly provide a more secure authentication method than passwords, some organizations still fear the possibility that certificates can be issued to unauthorized parties. Certificate pinning is a...
Can You Use Certificates for Single Sign-On (SSO)?
Forgetting your password is one of the worst things about the internet. Unfortunately, it is encouraged to create complex passwords, making remembering them more difficult. Consequently, a considerable number of...
[Solved] Enterprise PKI OCSP Error
Certificate Management has emerged as one of the better alternatives to avoid the vulnerabilities of credentials in modern-day cyberspace. Here’s a recent incident of a high-profile data breach involving credentials...
Public Key Infrastructure- A High-Level Overview
Digital signatures are pivotal to cybersecurity. They offer a robust mechanism to verify the authenticity and integrity of a document or message. Imagine sending a handwritten letter; your signature assures...
Public vs Private Certificate Authority
Certificate authorities (CAs) play a critical role in securing digital communications and data exchange. Organizations must choose between public and private CAs based on their unique security requirements, use cases,...
Smart Cards for Identity Authentication and Access Security
Smart cards, occasionally called chip cards or integrated circuit cards (IC or ICC), are a broad family of physical electronic authentication devices. More practically, they’re physically-secured microprocessors used to control...
How to Enable Windows Machine Certificate Authentication
Whether you use Windows, macOS, or any other operating system, deploying digital certificates for your device can be the most impactful step to strengthening your network security. Digital certificates use...
Why Apple Wants You to Use ACME vs. SCEP
In this article, we will discuss the latest ACME protocol that you can use for your iOS devices for a smooth transition to digital certificates with minimum effort.
How to Generate Root & Intermediate CAs
With 10 million attacks targeting usernames and passwords occur every day. it’s not a bad idea to drop passwords wherever possible. A proper PKI allows your network to utilize certificate-based...
Active Directory Certificate Services (AD CS): Explained
There are many components involved in running a certificate-based network. You need to establish trusted servers and certificate authorities (CA), make sure devices can enroll for certificates, authenticate users, manage...
What is RSA Asymmetric Encryption? How Does it Work?
Encryption is the systematic process of converting plain, readable information, or data, into an unreadable format to prevent unauthorized access. This process is achieved by implementing a set of rules...
High Level Comparison Of User Certificate vs. Device Certificate
The popularity of digital certificates has been soaring day by day with the advancement of cloud technology. It has already replaced the traditional usage of credential-based protection in various IT...
Internal Or External CA- The Best Bet For Your Organization?
Public Key Infrastructures (PKI) are widely used by organizations because they secure communications among servers and clients with digital certificates and certificate authorities (CA). Certificates are a combination of cryptographic...
Your Guide To Renew Certificates On Microsoft CA
Organizations can leverage digital certificates to build a robust network, as certificates use public-private key encryption to encrypt information sent securely over-the-air. Managing digital certificates for a smaller organization is...
Microsoft Intune Enterprise Wi-Fi Profile Best Practices
Microsoft Endpoint Manager (Intune) is a stellar MDM that we frequently encounter in managing managed devices, especially when the enterprise size is large, and we need to have centralized control...
SCEP( Simple Certificate Enrollment Protocol): A Complete Guide
Distributing certificates to managed devices can be a monumental task with a lot of moving parts that need to be accounted for: PKI integration, establishing a gateway, configuration policies, certificate...
AD CS Certificate Templates: Security Best Practices
Microsoft AD CS allows administrators to establish their domain’s CA to deploy a digital certificate with Microsoft PKI Infrastructure. To properly run their PKI infrastructure and after establishing their hierarchy, administrators...
Certificate Signing Requests: Explained
X.509 digital certificates use the X.509 Public Key Infrastructure (PKI) to certify a public key to a user, device, or service identity embedded in the certificate. A PKI encapsulates the...
[Solved] Wi-Fi Security Certificate Error
Functioning in the current world would be virtually impossible without access to wireless internet or Wi-Fi. Wi-Fi is used by people all over the world for everything from entertainment to...
Resolving SCEP Certificate Enrollment Initialization for Workgroup Error
Utilizing MDMs to establish a highly secure environment is an excellent safeguard for mitigating user error risks and developing consistency in device management. This common practice amongst enterprises is a...
How To Revoke Certificate in Windows (AD-CS)
Digital Certificates are an integral part of a Public Key Infrastructure (PKI) and cybersecurity as a whole. The certificates can encrypt communications and authenticate the identity of users and machines....
Should WPA2-Enterprise Be Used For My Home Network?
Securing home wireless networks has never been as important. An increase in remote work requires more people to handle sensitive business data at home. On top of this, our lives,...
How to Set Up AD CS PKI Certificates with Jamf
As credential-based authentication becomes increasingly insecure, many organizations see the benefit of moving to passwordless security methods such as digital certificates. Implementing certificates, however, requires the implementation of a Public...
What Are Wildcard Certificates?
SSL certificates (Secure Sockets Layer) and their successor TLS certificates (Transport Layer Security) are critical for establishing secure communications over the Internet. They authenticate the identity of a website and...
What is a Hardware Security Module (HSM)?
Data security has never been more critical. Hardware Security Modules (HSMs) are pivotal in safeguarding the cryptographic infrastructure of numerous global enterprises. HSMs have come a long way, from niche,...
What is a DoD PKI?
The Department of Defence Public Key Infrastructure (DoD PKI) is a vital component in strengthening the Department of Defense’s (DoD) digital communications and data-sharing infrastructure. Fundamentally, DoD PKI is an...
Understanding PKI Certificates
Imagine conducting important business online without identifying the person you’re interacting with. It would be like handing sensitive documents to a stranger on the street; every login would be risky....
A Deep Dive into PKI Certificates
Corporate data, social media pages, applications, and user data are crucial assets of an organization, and any theft or misuse of these could lead to huge financial losses. They not...
A Comprehensive Guide to the EAP Protocol in Networking
Network security is crucial in the modern digital world, where wireless communication is commonplace. Security risks such as unauthorized access, data eavesdropping, and network breaches can affect wireless networks. Because...
WPA3 vs WPA2: What’s the Difference?
The standards used to protect wireless/Wi-Fi networks have evolved over the years to keep up with emerging threats and protect sensitive data. WPA2 and WPA3 are some of the more...
Configure Google SCEP Certificate Automatic Enrollment Profiles
Certificates are far superior to credentials and mitigate many vulnerabilities associated with pre-shared keys. They enhance the user experience by facilitating network access and removing password-related friction induced by password...
AD CS: Domain Escalation Attack Scenario 1 (ESC1)
Active Directory Certificate Services (AD CS) is an essential tool for domain administrators to enhance network security, ensuring secure communication, code signing, and user authentication. Organizations can leverage the 802.1x...
Simple, Practical Security Guidance for AD CS
In 2008, Microsoft released the Active Directory Certificate Services(AD CS) feature to allow Administrators to manage their own Public Key Infrastructure and their Remote Authentication Dial-In User Service(RADIUS). This paved...
Transport Layer Security (TLS) Explained
Protecting and encrypting communications online is vitally important as there are countless attempts made daily to intercept them for nefarious purposes. From securing a bank transaction to protecting an authentication...
What is Certificate Lifecycle Management?
Using X.509 digital certificates for authentication is an immediate and significant upgrade to credential (password) authentication, but it requires proper support infrastructure. Certificate Lifecycle Management systems (CLM/CLMS), also called Certificate...
SolarWinds Compromise
Earlier this month, SolarWinds was breached by (who experts theorize to be) the hacker Russian organization, Cozy Bear. This attack has left 18,000 organizations potentially compromised with 250 of which...
The Risk of Expiring Web Certificates
Certificate use in a variety of mediums continues to grow, but your certificate provider cannot protect against a common certificate mistake: missing expiration dates. This isn’t a major issue if...
Configuring Yubikey Desktop Login on Jamf-Managed Devices
Yubikeys represent an exciting opportunity to merge two features that are often at odds: security and convenience. Many organizations have purchased Yubikeys and distributed them to their employees for that...