Commented Unassigned: import-module pspki in visual studio 2013 for asp.net...
Import-module pspki doesn't import pspki module and hence I am not able to use Get-CertificateRequest command in a .net application (to be specific in a asp.net code behind page which is in C#). Can...
View ArticleUpdated Wiki: Roadmap
Project RoadmapThis page contains a roadmap for the PowerShell PKI module project. Roadmap items are placed in a no paticular order.PowerShellProvide "New-CertificateSigningRequest" command; Provide CA...
View ArticleNew Post: Possible issue with Get-CertificationAuthority on remote CA
Hello Sometimes when I run Get-CertificationAuthority is takes a minutes to complete (other times it comes back quicker) when this happens I sometimes see the IsAccessible false RegistryOnly True...
View ArticleNew Post: Possible issue with Get-CertificationAuthority on remote CA
Hello Again I ran the same command this morning Get-CertificationAuthority early in the morning when the Network is quite and it responded in a timely fashion and showed IsAccessible True Therefore I...
View ArticleNew Post: Possible issue with Get-CertificationAuthority on remote CA
Yes, the code internally attempts to contact CertSvc service over DCOM and depending on network connectivity/speed/load may consume some time. If the connection succeeds, then IsAccessible property is...
View ArticleNew Post: OCSPRequest throws exception when certificate's algorithm is MD5
MSCOMCTL.OCX This file's certificate of counter signer has been signed with MD5 algorithm and when I try to call OCSPRequest, the exception occurs with the message "Issuer for the speified certificate...
View ArticleNew Post: OCSPRequest throws exception when certificate's algorithm is MD5
The error is raised because issuer certificate for the signer certificate is not found. CertID structure requires some extra information that exists only in the issuer certificate. Internally, the...
View ArticleCreated Unassigned: CRL revocation check bug [85]
Hi,I tested the certificate at https://revoked.grc.com and https://test-sspev.verisign.com:2443/test-SSPEV-revoked-verisign.html to see if they were revoked (they should be) in their CRL revocation...
View ArticleNew Post: OCSPRequest throws exception when certificate's algorithm is MD5
OK, I installed issuer certificate and request instance has successfully created. But now I'm receiving unsatisfying response. I got following HttpHeaders and ResponseStatus is "Unauthorized". The rest...
View ArticleNew Post: OCSPRequest throws exception when certificate's algorithm is MD5
Unauthorized response status means that this OCSP server is not authoritative for this particular issuer and have no information about revocation status.
View ArticleCommented Unassigned: CRL revocation check bug [85]
Hi,I tested the certificate at https://revoked.grc.com and https://test-sspev.verisign.com:2443/test-SSPEV-revoked-verisign.html to see if they were revoked (they should be) in their CRL revocation...
View ArticleNew Post: OCSPRequest throws exception when certificate's algorithm is MD5
That's strange. I checked its Authority Info Access points "http://ocsp.sign.com" and made new OCSPRequest with X509Certificate2 and URI. Would you mind if I ask you to make OCSPRequest with counter...
View ArticleCreated Unassigned: Get-EnterprisePKIHealthStatus Error [86]
When I run Get-Ca | Get-EnterprisePKIHealthStatus -Debug -Verbose I receive the attached error. I'm running this command from an elevated PowerShell session on Windows 8.1 Enterprise. My PKI consists...
View ArticleNew Post: OCSPRequest throws exception when certificate's algorithm is MD5
I checked AIA extension of signing and counter-signer certificates in the MSCOMCTL.OCX file signature. Neither certificate contains OCSP URLs. Where did you get it?
View ArticleNew Post: Import-Module pspki take long time as system account
Hi, if I import as SYSTEM account the pspki module it toke over a minute. I can reproduce that on server 2012 R2. As a user it works fine in a few seconds. Any idea? With "procmon" you can see that...
View ArticleNew Post: Import-Module pspki take long time as system account
I think, the delay is caused by a script signature validation process.
View ArticleNew Post: Import-Module pspki take long time as system account
Hi Camelot, do you know how to disable that?
View ArticleNew Post: Import-Module pspki take long time as system account
No, it is impossible to disable digital signature validation procedure.
View ArticleNew Post: Import-Module pspki take long time as system account
What can I do to speed up that process? As a user it is no problem. On a server 2008 R2 it is also no problem as System account. Any idea?
View Article