Short-Lived Certificates: Worth the Hype or Operational Headache?
In PKI, certificate lifespans have always been a balancing act between security and operational simplicity. The industry standard has preferred longer-lived certificates valid for one year, and sometimes even for...
How to Create a Cloud-Based RADIUS Server
In order to successfully configure a WPA2-Enterprise network, a RADIUS server is a must. The RADIUS authorizes and authenticates users signing into the network and eliminates any speculation into who...
When Static Trust Becomes a Backdoor: Lessons from the 2025 SharePoint ToolShell Exploit
In July 2025, a widely exploited zero-day vulnerability, CVE-2025-53770 & 53771, named ToolShell, hit on-premises Microsoft SharePoint Server systems, triggering a large-scale compromise. The ToolShell exploit gave attackers unauthenticated remote...
Securing Identity-less Infrastructure and Userless Agents
The security landscape is profoundly transforming as AI and cloud-native technologies reshape organizations’ operations. Today, infrastructure consists of identity-less components such as containers, serverless functions, and ephemeral compute instances that...
Launching Certificate-Based Security Shouldn’t be Intimidating
“Global spending on information security and risk management is expected to grow 14.3% in 2025 to reach $212 billion.” Source: Gartner Press Release, August 28, 2024 Implementing strong network security...
5 Million Unsecured Wi-fi Networks: Why We’re Still Failing at Basic Network Security
As of 2025, more than 5 million unsecured Wi-Fi networks are active worldwide. Schools, hotels, small businesses, and even enterprise guest networks continue to rely on open or shared-password Wi-Fi....
Certificate Pinning vs. Device Attestation
Certificate pinning is widely used in networks to establish trust between client devices and servers. However, with enterprises shifting to dynamic BYOD and device trust policies, certificate pinning alone does...
Understanding Authentication Strengths in Conditional Access
As cyberattacks become more targeted and identity becomes the core of security strategy, IT administrators are rethinking how users authenticate to sensitive resources. Organizations widely adopt Multi-Factor Authentication (MFA) to...
Does RadSec support roaming services, such as Eduroam?
RADIUS over TLS, also known as RadSec, enhances roaming services like Eduroam by providing stronger encryption than the standard Remote Access Dial-In Service (RADIUS) protocol. RADIUS in Eduroam utilizes the...
Why Is Device Attestation Important For Secure Access?
Device attestation is used to verify a device’s authenticity and ensure that only genuine, untampered devices with approved, uncompromised software are given access to systems. It provides cryptographic evidence through...
How Do You Enforce Consistent PKI Policy Across Distributed Teams?
You can enforce a consistent PKI policy across distributed teams by using centralized, automated enforcement with dynamic tools that integrate with your existing IT ecosystem. Manual management methods often lead...
What is a PKI, and How Does It Help Secure Networks in an Organization?
Password breaches have impacted nearly every industry, from telecommunications to healthcare. As threat actors refine their attack methods, securing networks solely with passwords has become increasingly challenging. Organizations are transitioning...
What does a modern PKI team structure look like?
Public Key Infrastructure (PKI) is like experiencing a renaissance. PKI, formerly thought to be the realm of cryptography specialists and obsolete hardware, is now a strategic enabler of business identity...
Can Continuous Authentication Help Enforce Policy-Based Access with Certificates?
Modern hybrid networks comprise a mix of both managed and unmanaged devices. With static one-time authentication being inadequate, users and devices are only authenticated at the start of a session,...
Dynamic PKI: Continuous Authentication for Modern Security
Traditional authentication models have relied on static trust. Once a device or user is authenticated a single time they typically remain trusted indefinitely. This model assumes continuous security from a...
Top PKI Management Tools For A Network
Organizations should prioritize automated certificate lifecycle management to maintain complete visibility and granular control over who and what accesses their network. Managing certificates manually—distributing, renewing, and revoking them—quickly becomes tedious...
Configuring Certificate Auto-Enrollment with Microsoft GPO
Enterprises that use Public Key Infrastructures (PKI) will have to issue and manage tens or even hundreds of thousands of digital certificates. Keeping track of all those certificates may seem...
Complete Guide To Certificate Authorities
Imagine walking into a vast library, seeking a single book among millions. Without a librarian or a catalog system, you’d be lost. In many ways, the internet is that library,...
Microsoft PKI Best Practices
A Public Key Infrastructure (PKI) is an 802.1x network security solution that uses public-private key cryptography to authenticate users for online resources. PKIs can be configured to authenticate for Wi-Fi,...
What Are Virtual Smart Cards?
In the world of authentication cybersecurity, a device growing in popularity is the Smart Card. A smart card, like those produced by Yubico, is a cryptographic tool that allows users...
SHA-2 vs ECC: Digital Certificate Encryption Advancements
Cryptographic systems are at the heart of digital certificates, enabling encryption, authentication, and integrity. SHA-2 and ECC are two pivotal technologies that protect everything from SSL certificates to system integrity...
[Solved] Jamf Casper Certificate Error
Apple devices and gadgets have been unparalleled in cutting-edge technology and customer satisfaction over the years. In a recent interview, the CIO of Jamf Linh Lam predicted Apple to reach...
Solved: Error “Cannot Manage Active Directory Certificate Services”
Admins configuring Active Directory Certificate Services (AD CS) for their network may encounter the following error message: Cannot manage active directory certificate services. The system cannot find the file specified:...
What is PIV (Personal Identity Verification)?
Personal Identity Verification (PIV) is a security standard detailed in NIST FIPS 201-2 that creates a framework for multi-factor authentication (MFA) on a smartcard. While PIV was originally designed for...
A Guide to Server Certificates
Server security is critical in today’s digitally driven environment. The server certificate, a digital document that verifies the identification of a website or server, is fundamental to Internet communication security....
All that You Need To Know About Public Key Encryption
We are living in a time where wireless security is imperative because private data and personal information are uploaded online. As the amount of online data increases, so does the...
Why is It Safe to Migrate AD CS from SHA-2 to SHA-1 In 2024?
It’s imperative for organizations to fully switch from SHA-1 to SHA-2. The National Institute of Standards and Technology (NIST) stated SHA-1 should not be trusted, PCI Compliance scanners no longer...
Why Do You Need S/MIME Encryption In Network Security
S/MIME stands for “Secure/Multipurpose Internet Mail Extensions”. It’s an IETF standard for public key encryption and creating a digital signature for MIME data. In essence, S/MIME uses a PKI to...
How to Integrate with Entra ID For Effective Certificate Management
The transition from on-premise Active Directory (AD) to cloud-based Azure AD (Microsoft Entra ID) can be tricky, leaving Azure admins searching for an easy way to migrate. Unlike AD, there...
Certificate Lifetimes – Is 20 Years Too long?
Over the last few years, software makers have begun cracking down on certificates that do not expire soon enough. Most browsers will reject any SSL certificate with a lifetime longer...
Adding a Trusted Root Certificate Authority to Group Policy Objects
Organizations that want the best in authentication security should look no further than certificate-based authentication. When compared to using credentials for authentication, it’s simply no contest. The two pillars supported...
PKI Smart Card Authentication for Enterprise
Companies and governments around the world are finding more and more uses for PKI smart cards – especially for identity management. These tiny chips can be found in a multitude...
Expanded Windows Hello for Business + Yubikey Login
SecureW2 has developed two solutions that offer major functionality upgrades to Windows Hello for Business: A Yubikey Management Solution that allows you to use your Azure AD or AD directory...
How to Use Yubikeys for VPN
Yubikeys are a useful and secure tool for protecting yourself from data theft. They add a layer of authentication and can be used with other authentication methods to further protect...
What is the Trusted Root Certification Authorities Store?
A Certificate Authority (CA) is the entity that handles the certificate distribution for a PKI. Certificate Authorities assist in validating the identities of different websites, individuals, and devices by providing...
A Guide To Client Certificate Mapping In Active Directory
Certificate mapping, in a general sense, refers to the tying of an identity to an X.509 digital certificate. In practice, the term is mostly used in the context of Microsoft’s...
A Guide To Configure Certificates In Your Yubikey PIV Slots
Physical security tokens like the Yubikey have smartcards that can be configured to store several certificates, the quantity of which depends on the specifications of the secure cryptoprocessor at the...
How To Renew SSL and Client Certificates For Secure Network
Automate certificate distribution and lifecycle management with industry best managed PKI solution. Continue reading to know more.
Best Practices for Storing X.509 Private Keys
X.509 certificates play a crucial role in guaranteeing the authenticity and integrity of communications. However, organizations that rely on the security provided by certificates also need to address a concern:...
Guide to AD CS Policies and Enforcement
What is AD CS Used For? Active Directory Certificate Services (AD CS), a Windows server software solution, is used for issuing and managing x.509 digital certificates and provides Active Directory...
What is PKCS11?
High-profile data breaches from major organizations such as Equifax, Solar Winds, and even the White House have pushed network security into the forefront of the public eye. One method of...
Can I Use Let’s Encrypt for an Enterprise?
When it comes to accessible Certificate Authority (CA) solutions that are easily available and free, Let’s Encrypt is second to none. They’ve enabled countless people and organizations to enable certificate-based...
Top 3 Ways To Troubleshoot Common Okta Certificate Errors
Okta is one of the leading Identity and Access Management (IAM) service providers for enterprises around the globe. Okta supports binding identities to digital certificates, but you might encounter one...
Certificate Management Guide For Google Workspace
Google Workspace is one of the most common Identity Providers used by enterprises today. The Google ecosystem includes a number of easy tools organizations can use in their daily operation,...
Guide: How To Build A PKI Certificate Authority
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates. A digital certificate certifies the ownership of a public key by tying it cryptographically...
Overview: Root And Intermediate Certificates
One of the main problems in online communication is trust. Let’s say you communicate with your bank through their website: how can you be sure the bank’s page is real...
Why is EAP-TTLS/PAP Not Safe in 2024
When designing a new network, there are countless features to consider that significantly impact the organization at large. Few functions of the network impact users more than the authentication method...
Guide: TLS Authentication and How It Works
The essence of Transport Layer Security (TLS) requires understanding two key concepts: encryption and authentication. While encryption ensures that the data transmitted between your browser and the web server is...
X.509 Digital Certificates Explained
In order to run a certificate-based network, admins need to understand how to create and configure X.509 certificates. X.509 is a cryptography standard for defining a public key certificate. X.509...
Analysis Of Windows On-Premise vs. Cloud PKI Servers.
The definition for a Public Key Infrastructures (PKIs) varies among cyber security professionals, but is generally considered a collection of components that give everything an organization needs to issue and...
An Overview of Server Certificate Validation in Android 13
Integrating the capabilities of two leading operating systems, Android and Windows, have been a dream for most tech-savvy enthusiasts across the globe. Microsoft is going to offer this upgrade by...
Best Practices for Certificate Authority Management
An ever-growing trend in authentication cybersecurity is the replacement of credential-based authentication with certificates. Credentials are simply incapable of protecting a secure network. According to the 2019 Verizon Data Breach...
AD CS Certificate and Security Configuration Exploits
Active Directory Certificate Services (AD CS) is a critical platform in cybersecurity, providing infrastructure for managing certificates within an organization. At the heart of AD CS lies the Public Key...
The Four Stages of a Certificate Lifecycle
Digital certificates are electronic credentials that are used to authenticate the identities of individuals or devices using a particular network. It’s helpful to think of certificates with similar functionality as...
A Comprehensive Review of Certificate Pinning: The Challenges and Alternatives
While digital certificates undoubtedly provide a more secure authentication method than passwords, some organizations still fear the possibility that certificates can be issued to unauthorized parties. Certificate pinning is a...
Can You Use Certificates for Single Sign-On (SSO)?
Forgetting your password is one of the worst things about the internet. Unfortunately, it is encouraged to create complex passwords, making remembering them more difficult. Consequently, a considerable number of...
[Solved] Enterprise PKI OCSP Error
Certificate Management has emerged as one of the better alternatives to avoid the vulnerabilities of credentials in modern-day cyberspace. Here’s a recent incident of a high-profile data breach involving credentials...
Public Key Infrastructure- A High-Level Overview
Digital signatures are pivotal to cybersecurity. They offer a robust mechanism to verify the authenticity and integrity of a document or message. Imagine sending a handwritten letter; your signature assures...
Public vs Private Certificate Authority
Certificate authorities (CAs) play a critical role in securing digital communications and data exchange. Organizations must choose between public and private CAs based on their unique security requirements, use cases,...
Smart Cards for Identity Authentication and Access Security
Smart cards, occasionally called chip cards or integrated circuit cards (IC or ICC), are a broad family of physical electronic authentication devices. More practically, they’re physically-secured microprocessors used to control...
How to Enable Windows Machine Certificate Authentication
Whether you use Windows, macOS, or any other operating system, deploying digital certificates for your device can be the most impactful step to strengthening your network security. Digital certificates use...
How to Generate Root & Intermediate CAs
With 10 million attacks targeting usernames and passwords occur every day. it’s not a bad idea to drop passwords wherever possible. A proper PKI allows your network to utilize certificate-based...
Active Directory Certificate Services (AD CS): Explained
There are many components involved in running a certificate-based network. You need to establish trusted servers and certificate authorities (CA), make sure devices can enroll for certificates, authenticate users, manage...
What is RSA Asymmetric Encryption? How Does it Work?
Encryption is the systematic process of converting plain, readable information, or data, into an unreadable format to prevent unauthorized access. This process is achieved by implementing a set of rules...
High Level Comparison Of User Certificate vs. Device Certificate
The popularity of digital certificates has been soaring day by day with the advancement of cloud technology. It has already replaced the traditional usage of credential-based protection in various IT...
Internal Or External CA- The Best Bet For Your Organization?
Public Key Infrastructures (PKI) are widely used by organizations because they secure communications among servers and clients with digital certificates and certificate authorities (CA). Certificates are a combination of cryptographic...
SHA-256 vs. SHA-1: Which Is The Better Encryption?
Sending information in clear text over the air is a tremendous risk in today’s complex cybersecurity environment. Hackers constantly evolve attack vectors to target sensitive data in transit, but encryption...
Your Guide To Renew Certificates On Microsoft CA
Organizations can leverage digital certificates to build a robust network, as certificates use public-private key encryption to encrypt information sent securely over-the-air. Managing digital certificates for a smaller organization is...
AD CS Certificate Templates: Security Best Practices
Microsoft AD CS allows administrators to establish their domain’s CA to deploy a digital certificate with Microsoft PKI Infrastructure. To properly run their PKI infrastructure and after establishing their hierarchy, administrators...
Certificate Signing Requests: Explained
X.509 digital certificates use the X.509 Public Key Infrastructure (PKI) to certify a public key to a user, device, or service identity embedded in the certificate. A PKI encapsulates the...
Configuring SCEP Profiles in Intune: A High-Level Overview
Nowadays, network admins have started to come around to the benefits of digital certificates, which is a justified response given the superior cryptographic protection compared to traditional passwords and usernames....
How To Revoke Certificate in Windows (AD-CS)
Digital Certificates are an integral part of a Public Key Infrastructure (PKI) and cybersecurity as a whole. The certificates can encrypt communications and authenticate the identity of users and machines....
How Does SSH Certificate Authentication Work?
Secure Shell (SSH) certificate authentication provides a robust method for authenticating users and hosts connecting to an SSH server. As a protocol, SSH prevents unauthorized parties from accessing systems remotely....
A Complete Guide to Configuring RADIUS on Windows 2019
The term “RADIUS server” will probably be mentioned at some point in any conversation regarding wired or wireless authentication. Within a WPA-2 Enterprise network, RADIUS (also referred to as a...
Smart Card Authentication with Active Directory
Chances are, your work requires you to have logins and passwords for multiple resources. On top of that, you probably have to update your password regularly, ensuring that each new...
How to Manage Certificates with Intune (MEM Intune)
Network administrators often feel certificate management to be challenging at times, especially in finding the right PKI for certificate deployment. They either end up paying for a pricey PKI...
Network Access Control: Explained
Network Access Control (NAC) is an advanced cybersecurity measure designed to regulate who, what, and how entities gain access to network resources. As the traditional security perimeter is no longer...
How is a Smart CAC Card Used in A PKI?
Public Key Infrastructure (PKI) is one of the most robust methods for safeguarding sensitive information, particularly within the Department of Defense (DoD) ecosystem, where it secures sensitive data and communications...
What is PKI-as-a-Service (PKIaaS)?
Public Key Infrastructure (PKI) keeps data secure, authenticates identities, and ensures end-to-end encryption. It plays a vital role in securing digital communications and involves a set of roles, policies, hardware,...
What is a Hardware Security Module (HSM)?
Data security has never been more critical. Hardware Security Modules (HSMs) are pivotal in safeguarding the cryptographic infrastructure of numerous global enterprises. HSMs have come a long way, from niche,...
What is a PKI Token?
Today’s world relies heavily on online interactions, such as collaborating with family, friends, and colleagues on social media or checking our bank accounts. However, this ease of use raises security...
What is a DoD PKI?
The Department of Defence Public Key Infrastructure (DoD PKI) is a vital component in strengthening the Department of Defense’s (DoD) digital communications and data-sharing infrastructure. Fundamentally, DoD PKI is an...
A Deep Dive into PKI Certificates
Corporate data, social media pages, applications, and user data are crucial assets of an organization, and any theft or misuse of these could lead to huge financial losses. They not...
What is WPA Authentication?
The ubiquity of Wi-Fi networks in today’s world has made them popular targets for cyberattacks, especially if they rely on vulnerable mechanisms like passwords. In a 2021 study, security researchers...
Introducing WebAuth Wi-Fi with Cloud IDPs
It’s no secret that open Wi-Fi networks are infamously insecure, and Pre-Shared Key (PSK) networks aren’t much better. If you tie your organization’s Wi-Fi to a single password and more...
WPA3 vs WPA2: What’s the Difference?
The standards used to protect wireless/Wi-Fi networks have evolved over the years to keep up with emerging threats and protect sensitive data. WPA2 and WPA3 are some of the more...
What is an X.509 Digital Certificate?
X.509 certificates are forms of identification that leverage public-private key cryptography. They are a secure replacement for passwords.
Risk of Public Wi-Fi
Public Wi-Fi is any network other than your home or work network and is commonly found in places such as airports, malls, coffee shops, hotels, and restaurants. It allows users...
Configure Azure AD Continuous Access Evaluation for RADIUS
Continuous Access Evaluation (CAE) is an essential security feature in Azure Active Directory (Azure AD) that constantly monitors and evaluates user access to resources. Through CAE, Azure provides a proactive...
What is Certificate-Based Authentication?
An IBM study says that stolen or compromised passwords are the most common reason for a data breach. Let’s be honest, usernames and passwords aren’t a good way to prove...
What is Cryptographic Agility and Why Does it Matter?
Cryptography is a cornerstone of securing information systems. It involves encoding data to ensure only authorized parties can access it. By converting data into an unreadable format, cryptography protects sensitive...
AD CS: Domain Escalation Attack Scenario 1 (ESC1)
Active Directory Certificate Services (AD CS) is an essential tool for domain administrators to enhance network security, ensuring secure communication, code signing, and user authentication. Organizations can leverage the 802.1x...
Simple, Practical Security Guidance for AD CS
In 2008, Microsoft released the Active Directory Certificate Services(AD CS) feature to allow Administrators to manage their own Public Key Infrastructure and their Remote Authentication Dial-In User Service(RADIUS). This paved...
Transport Layer Security (TLS) Explained
Protecting and encrypting communications online is vitally important as there are countless attempts made daily to intercept them for nefarious purposes. From securing a bank transaction to protecting an authentication...
Overview of LDAP For Today’s Cloud Environment
Lightweight Directory Access Protocol (LDAP) is an integral component of digital identity frameworks, providing an open and cross-platform protocol used for directory service authentication. It provides a systematic method for...
LDAP Injection Attacks: Explained
LDAP also known as Lightweight Directory Access Protocol, is an essential utility in network settings that facilitates getting hold of data about organizations, individuals, and resources. LDAP is commonly used...
What is a PKI (Public Key Infrastructure)?
The use of a Public Key Infrastructure (PKI) by an organization demonstrates a dedication to cybersecurity. It enables passwordless authentication, encrypted communication, and it has been listed by organizations such...
802.1X Port Security Simplified
Did you know that the cost of data breaches reached a whopping $4.35 million in 2022? Data breaches cost organizations a lot in penalties and lost business opportunities. Almost 68%...
How to Fix the “X.509 Certificate Signed by Unknown Authority” Error Code
X.509 digital certificates are a fantastic way to encrypt communication and authenticate into systems, but they require a little more infrastructure to support than your typical username and password credentials....
Why You Should Protect Your Local Area Network, Even if You’re Cloud-Based
Ensuring the security and integrity of a business’s data and network infrastructure is of utmost importance, and thus safeguarding the local network is imperative. The Wi-Fi network serves as the...
Passwordless Authentication: Explained
Do you want to move to effective Passwordless authentication solutions? Read to find out how a robust passwordless solution can enhance your network's security.
Using Certificates for Granular Application Access with Microsoft Defender
The cloud presents an enticing opportunity for businesses – it makes important resources available anywhere, allows them to offshore the cost of storage, and can even save them on hardware...
Microsoft Network Device Enrollment Service: Do You Need It?
In this article, we will discuss NDES, its importance in network security, and its benefits for managing devices in an enterprise environment.
Implement Microsoft Passwordless Authentication With Azure AD CBA
In this article, we’ll cover precisely what Microsoft Authenticator App is and how you can quickly onboard to digital certificates.
How Digital Certificates Enable Secure Single Sign-On (SSO)
Users in an organization typically need access to many applications to assign and complete their tasks, access email, write code and communicate with each other. Multiple apps require multiple sets...
Configure Client Certificate Authentication with OneLogin
Configure Client Certificate Authentication on OneLogin and enforce Zero Trust Policy and make your network secure.
Configure Client Certificate Authentication with Ping
As many organizations shift to the digital mode in the post-pandemic era, there is an exponential increase in cloud-based network solutions. Surprisingly, numerous cutting-edge wireless technologies, such as 5G, virtual...
Automated Certificate Management Environment (ACME) Explained
Want to understand what Automated Certificate Management Environment (ACME) Explained is all about? Read this to know more.
JAMF vs. Kandji: Apple MDMs compared
Read and compare JAMF and Kandji as Apple MDM solutions here.
Portnox CORE vs. Cisco ISE: NAC Comparison
Read about two popular NAC solutions ad pick out the best one for your organizational needs.
How to Set Up Passwordless Authentication on Chromebook
Many enterprises are planning to shift towards passwordless authentication for their managed Chromebooks. Passwords have been proven to be a weak form of security, so it’s in everyone’s best interest...
Enrolling Devices for Certificate Auth for OneLogin Device Trust
Amidst uncertainties in times of war, hackers have frequently upgraded their attack modes and penetrated almost every industry you can think of. The Australian cyber-security head has admitted reporting one...
7 Critical IAM Tools
As an organization, you know there are a lot of factors to consider when provisioning network access to employees. You need to ensure that the users are who they claim...
IAM vs PAM
IAM and PAM explained and how the right implementation of the two solution can help make your network security secure from cyberattacks
MFA Options for Cyber Insurance Requirements
More cyber insurance providers require MFA. But why, and what other cyber insurance requirements should you prepare for?
FreeRADIUS vs. Jumpcloud
As technology progresses, hackers have constantly upgraded their modes of attack, which include social engineering techniques to compromise the network space of an organization. Here’s a recent incident of a...
Configuration Guide: Windows RADIUS Server 2012
Anytime there’s a discussion about a wired or wireless authentication, it’s probable that the word “RADIUS server” will come up sooner or later. RADIUS, also known as a “AAA server,”...
Azure AD Conditional Access with 802.1X
The post-pandemic world is witnessing an exponential surge in cloud-based network solutions as many businesses transition into digital mode. Interestingly, many cutting-edge wireless technologies like 5G, virtual reality, and AI...
Device Authentication with User Attributes for Cloud Directories
When users and devices authenticate to your network, you should ideally have as much information from them as possible to make context-rich security decisions. Certificate-based authentication (CBA) empowers administrators to...
Digital Signatures: Explained
An effective Zero Trust architecture is built on a foundation of identity context. Digital signatures support a Zero Trust initiative by cryptographically assuring the identity of the signee, answering questions...
Cloud 802.1x Explained
What Is Cloud 802.1x? An 802.1x network is unique in one major way; it uses a Cloud RADIUS server as a means of authenticating users. The Cloud RADIUS checks a...
What is Certificate Lifecycle Management?
Using X.509 digital certificates for authentication is an immediate and significant upgrade to credential (password) authentication, but it requires proper support infrastructure. Certificate Lifecycle Management systems (CLM/CLMS), also called Certificate...
Code Signing with Digital Certificates: Explained
Imagine you’re installing an application and a pop-up like the screenshot above comes up. How can you be sure that the application you’re about to download is really safe? The...
Top 3 Tips for Enrolling Chromebooks with AD CS
There has been a huge increase in the use of wireless devices to connect to organization’s secure networks and it’s created a new security challenge for network admins. Securely connecting...
Why a Managed PKI (MPKI) is Probably Right for You
If you’ve decided to make the move to secure certificate-based authentication, one of the first things you need to figure out is whether you’re going to build your own Public...
What Is Certificate Management?
When considering the importance of authentication security and establishing device trust to protect your network, it’s no wonder organizations are moving away from credentials in droves. A solution that many...
Can PKI Replace Passwords?
There is a new trend that’s taking the IT world by storm: Passwordless Authentication. NordPass estimates that the average user has between 70 and 80 passwords. That’s why people so...
Combining FIDO2 and PKI: Supporting All Your Applications
The world of IT is constantly evolving. This is true due to both advancements in technology and the emerging remote work landscape of the world. Remote work is now commonplace...
What is a Hardware Security Module?
More than ever, businesses and organizations have a responsibility to secure their data. Highly adaptable organizations have begun to implement a PKI as a means to upgrade network security. According...
How To Utilize PKI Certificates
Using a Public Key Infrastructure (PKI) is a great step for any organization choosing to prioritize their network’s security. The primary purpose of a PKI is to manage the public...
5 Reasons AD CS Is Not A Complete PKI
Credential-based authentication is the most common form of authentication that everyone is accustomed to. But with most decades-old technologies, credentials are woefully ill-equipped to face modern security threats. While multi-factor...
Google Workspace Network Security Best Practices
Considering the massive amount of revenue loss that can occur with just a single security breach and the continued prevalence of cyber attacks, organizations need to be emphasizing network security...
Should I Bind Non-Windows Devices to Active Directory?
Digital certificates are starting to take over as the preferred method of network authentication because of their proven superiority to passwords in security and user experience. Many organizations are wanting...
Using Object Identifiers In PKI Management
Management of a PKI can be a full-time task for an IT team. Ensuring network users are able to authenticate to a secure network, easily maintaining their network identity, providing...
MacOS Smart Card Services
Smart Card usage has been on the rise for a variety of different reasons, but undoubtedly the most prominent is for their identity management capabilities. Cybersecurity-oriented organizations are taking advantage...
Private Key Attestation on macOS
Key attestation is a necessary part of creating valid X.509 digital certificates. Asymmetric cryptography requires that the client be able to prove its identity by attesting to the secure creation...
YubiKey Automatic Programming Software (Works with PIV)
YubiKeys are an easy way to significantly improve authentication security and, with digital certificates, can even provide a high degree of identity assurance. However, the native Yubikey configuration and personalization...
3 Hidden Costs of an On-Prem CA
A certificate authority is a requirement for many organizations, whether for customer-facing products or internal security protocols. One of the first decisions to make regarding a Public Key Infrastructure (PKI),...
Simplify Certificate Enrollment with AD CS
Many organizations recognize the inherent cybersecurity weakness of credential-based authentication and have made the switch to certificates as a result. The decision to move away from reliance on credentials is...
Securing VPN Authentication with AD CS
The rise in remote working has been increasing since the dawn of the digital age, but the increase has seen an especially massive jump since the outbreak of the COVID-19...
What is Always On VPN?
The rise in remote working has steadily increased with new innovations in technology, but has seen a massive increase since the Covid-19 pandemic. Companies the world over have sent their...
How To Properly Delete a Certificate Authority
Securing communications via digital certificates is among the most secure processes used by organizations today. The use of public key cryptography makes certificates uncrackable and can be used to protect...
What is OpenXPKI?
Deploying digital certificates for internal and external use is a growing trend throughout countless industries. Of course, as more people convert to using certificates, they find that using the proper...
The Best Private CA / PKI Service
The use of certificates for network security is rapidly increasing due to their superiority over all other authentication methods. They’re incredibly versatile and can enable authentication customization that far surpasses...
What is a AWS Private CA?
Private certificate authorities (CA), also known as enterprise CAs, are CAs specifically meant for internal use. They are self-hosted and therefore not trusted externally. The usual use cases come from...
What is Certificate Revocation?
The average number of certificates an organization needs to manage grew 43 percent in 2020, so having a good certificate management system is paramount to success for any enterprise. SecureW2’s...
How to Issue a Certificate from a Microsoft CA Server
Now that we’ve learned passwords are not a secure form of authentication, organizations are implementing digital certificates, which provide stronger security and can be leveraged for more efficient network authentication....
A PKI is the Foundation for Zero Trust Network Security
The IT industry is evolving rapidly, with new technologies, devices, and systems introduced regularly. Organizations are regularly having to update and upgrade their environments regularly to keep up with the...
Running PKI-as-a-Service
Creating and operating a certificate-based network is no simple task. Without a highly knowledgeable staff that is well-versed in certificate management, an organization can get bogged down in integration, configuration,...
SolarWinds Compromise
Earlier this month, SolarWinds was breached by (who experts theorize to be) the hacker Russian organization, Cozy Bear. This attack has left 18,000 organizations potentially compromised with 250 of which...
Maximizing an Internal Windows Certificate Authority
Maintaining a secure network that is easily accessible for users within an organization is more difficult than ever. As cybersecurity technologies improve to address current threats, malicious attackers continue to...
Managing an Internal CA
When considering the failures of credential-based authentication, it’s no surprise that many security-conscious organizations have been upgrading to certificates for authentication. One of the benefits of certificates is the flexibility...
Managed Certificate Authority Services
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates. These certificates cryptographically tie an identity to a public key, ensuring that individuals online...
How to Configure Azure AD Attributes on Certificates
Attribute mapping in Azure AD (Microsoft Entra ID) is easier than you might think. With a simple SAML application, you can use customizable Azure attributes to enforce dynamic policy options...
What is a Microsoft Certificate Authority?
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates to devices. They assist in validating the identities of websites, individuals, and devices before...
How to Run Your Own Certificate Authority
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates to devices. A digital certificate certifies the ownership of a public key by tying...
Best Network Security Solutions for MSPs
Among small businesses that have been targeted by cyber-criminals, 70% were used as an entry point into a larger enterprise system they supply to. Nearly half (48%) of the cases...
How To Use Azure AD Conditional Access for a Zero Trust 802.1x Network
The standard method of thinking about network security is long overdue for an update. The usual “perimeter protection” approach consists of defining, and then controlling, a virtual boundary to make...
How to Auto-Enroll Certificates from AD CS
Active Directory Certificate Services (AD CS) is a Windows server software solution designed to issue x.509 digital certificates. Certificates have proven to be more secure and easier to use than...
Configuring FreeRADIUS for EAP-TLS Authentication
FreeRADIUS is one of the most widely used RADIUS authentication providers, with customers ranging from top enterprises to universities. While FreeRADIUS is certainly an effective authentication tool, cybersecurity hinges on...
Does AD CS Work in the Cloud?
Digital certificates have taken over as the preferred method of network authentication because of their proven superiority to passwords in security and user experience. Many organizations recognize this and want...
PKI for Microsoft GPO
Microsoft’s Group Policy Object (GPO) is a useful tool to allow administrators to control the level of access for users on the network. In addition to providing strong security from...
Multi-Tenant Cloud PKI for MSPs
A PKI is a vital part of any comprehensive network security strategy and Managed Service Providers (MSPs) are aware of this. Currently, MSPs are under scrutiny as a number of...
Top 3 Tips on Configuring Policies in Active Directory Certificate Services
Active Directory Certificate Services (AD CS) is a Windows server software solution designed to issue x.509 digital certificates. Certificates have proven to be more secure and easier to use than...
TLS/SSL Encryption with Azure
Improving cyber security is crucial for organizations as one cyber attack could trigger the downfall and bankruptcy of an entire business. That’s why end-to-end encryption has become a network security...
Authenticating Guest Users for VPN with Azure AD B2B and SecureW2
Cross-organization collaboration can be tricky for the IT department because they need to make sure the partner’s security policies match their own, then create temporary guest user accounts and ensure...
Enable 802.1X For Guest Users with Azure AD B2B and SecureW2
Business-to-Business collaboration is essential for company growth. Thousands of companies have collaborated on projects to increase company value and spread risk. At the core of these collaborations is identity and...
Managed PKI Solutions for Active Directory Certificate Services
Investing in a Public Key Infrastructure (PKI) for your 802.1x network is the single best decision you can make to improve your network. The hardened security and improved user experience...
Can I Use Google With LDAP?
Google Suite, also known as Google Workspace, is many people’s go to cloud-based productivity suite. G-Suite is a collection of collaboration tools and software that organizations can use to increase...
Can I Replace LDAP/OpenLDAP with Azure?
OpenLDAP is a free, open-source LDAP server that is used and trusted by organizations around the world. Historically, OpenLDAP has been a good solution for directory services and has succeeded...
Best Cyber Security Practices for MSPs
Over 30 millions businesses have fewer than 1,000 employees and many don’t have the IT budget to provide effective network security. Managed Service Providers (MSP) are a godsend for small...
SSL vs. TLS Certificates
One of the most important security precautions for any customer-facing organization is to ensure data sent between the two parties is protected from outside attacks. Without data integrity, customers or...
Securing VPN Authentication with RADIUS & MFA
Due to the Covid-19 pandemic, organizations all over the world have closed their offices and sent their employees home to work remotely. The mass exodus from the office to remote...
Top 3 Cybersecurity Concerns for MSPs
Managed service providers (MSPs) have been the focal point of a series of attacks that are starting to draw attention from the public. A study conducted by Vanson Bourne surveyed...
Active Directory: Explained
Directory servers make it easy for admins to store and access resources including user and device information, computers, files, server, and much more. Back in the old days, in order...
A Cloud PKI Solution for Azure AD
Azure AD (Microsoft Entra ID) customers can ditch password-based authentication and switch to x.509 certificate-based authentication. Digital certificates offer vast improvements to network security, efficiency, and user experience. But in...
Active Directory Vs. LDAP
Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) are two terms frequently used regarding directory services. These solutions are essential frameworks for managing user identities, resources, and network configurations...
Enabling Windows Machine Certificate Authentication
Looking to use certificate-based authentication on your managed windows devices? Machine authentication with x.509 certificates permits managed Windows machines that don’t belong to any users, to authenticate onto a 802.1X...
PKI Delivery Software for Every Device
While the advantages of certificate-based authentication over credential-based are well documented, many still experience the barrier to entry of provisioning devices with certificates. This is certainly a valid concern for...
YubiKey PIV Certificate Management
Many organizations purchase security keys like the YubiKey to streamline and secure access to various applications, but they can be used for much more. The YubiKey in particular has the...
Enabling 802.1x with AD CS
Keeping your network secure from unwanted intruders is increasingly difficult with the advancements in technology. It’s relatively easy for malicious actors to obtain network access and steal all the data...
Enable Secure Wi-Fi with AD CS
In an age where people have migrated to conducting business online, organizations must ensure their Wi-Fi networks are protected from outside threats. Cyber attacks, including the infamous man-in-the-middle attack, prey...
The Risk of Expiring Web Certificates
Certificate use in a variety of mediums continues to grow, but your certificate provider cannot protect against a common certificate mistake: missing expiration dates. This isn’t a major issue if...
How to Issue Digicert Certificates to Devices
Digicert offers a variety of SSL certificates to accommodate any organizational structure and fulfill their specific needs. They supply you with the tools to configure any Platform/OS combination, giving the...
Enabling Double Encryption for Zscaler with SecureW2’s PKI
Double encryption adds an extra layer of security to ensure that the connections between the Z App, Connectors, and ZPA ZENs stay protected. Although Zscaler already comes with a layer...
Man-in-the-Middle (MITM) Attacks: Explained
If you’ve ever watched this scene from Spongebob Squarepants, then you have a basic understanding of a man-in-the-middle (MITM) attack. According to UPS Capital, cyber attacks cost small businesses an...
PKI-Supported CMS for Yubikey
A CMS (Credential Management System) or SCMS (Smart Card Management System) is an invaluable tool for organizations using smart cards and security keys. They have many functions to control credentials...
Configuring a PKI for Wi-Fi
Wi-Fi security and availability is imperative for businesses now that online communication is the standard. Many organizations use passwords to authenticate user devices, but that is no longer a viable...
How to Automate Certificate Management and Provisioning
One of the biggest hurdles in certificate management is the lack of experience in finding the proper certificate management solutions. Often, administrators are of the notion that their only option...
The Best Way to Manage Microsoft Certificates
A primary weakness of password-based authentication is the human element. Passwords can be forgotten, shared, or stolen, making them a nightmare for IT admins. Forgotten passwords can lead to service...
Top 3 Mistakes Setting Up AD CS Certificate Templates
In order to use certificates for authentication, a security trend caused by the inadequacies of password-based authentication, a public key infrastructure (PKI) must be in place. Active Directory Certificates Services...
Creating Private Certificates Authorities for Internal Use
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates to devices. These certificates cryptographically tie an identity to a public key, ensuring that...
Passpoint r1 & r2 Compared
Enabling an online connection while users are away from their home networks has been a challenge for those that want a complete and efficient system. The use of mobile data...
Enterprise PKI Management in the Cloud
As the importance of secure authentication continues to rise, many organizations are looking for lightweight, cost-efficient solutions to their cybersecurity concerns. This has caused many to question the efficacy of...
3 Security Advantages of a Cloud RADIUS Server
In order to successfully configure a WPA2-Enterprise network you must have a RADIUS server. The RADIUS authorizes and authenticates users signing into the network and eliminates any speculation into who...
Why ECC is the Solution for IoT Security
ECC, or Eliptical Curve Cryptography, isn’t a new technology – it’s relatively old, actually, Despite being around since 1985, it has just recently begun to gain popularity as an alternative,...
Managed PKI VS Private PKI
Deciding between a managed PKI and a private PKI is a difficult decision. Each method of PKI management has advantages and disadvantages, and if you’re coming from a place of...
Top 4 Managed PKI Use Cases
A Managed PKI is a vital part of any comprehensive network security strategy. It allows you to use digital certificates for authentication, a form of credential that’s much more secure...
Combating Burnout in Cybersecurity
Cybersecurity professionals are highly sought-after individuals that add an immense amount of value to an organization, but that value can be difficult to pin down in terms of dollars. As...
Certificate Security for IoT Devices
Internet of Things (IoT) devices have been a rapidly growing industry trend that can provide invaluable and unique data to many organizations. While most devices are designed to maximize the...
Best Practices for AD CS Configuration
Many companies use Windows servers as the main component of their IT infrastructures. If those companies want to use digital certificates for their network, they set up a public key...
What is Public Key Cryptography?
Public key cryptography, a synonym for asymmetric cryptography, is a clever cryptographic system that allows two parties to exchange encrypted information publicly without worry of interception. Many cryptographic systems are...
How Vulnerabilities Put Sensitive Data at Risk
Cybersecurity is one of the most dynamic and complex industries in the world today. A business that provides cybersecurity software or products is not just competing against other companies; they’re...
Efficient Device Onboarding for Higher Education
An important first task for incoming students is to connect to the secure network they will use for all their on-campus studies. If the process is less than smooth, the...
Introducing an MDM Solution for SMBs
A common trend for SMBs seen across many industries is opting into a MDM infrastructure to replace or supplement a BYOD policy. For many organizations, a MDM system offers a...