All posts tagged Certification Authority

Mastering Certificates with Intune Training Course

I’m excited to announce I’ll present a three-day LIVE online training event covering all things Microsoft Intune and certificates. This training event takes place on the ViaMonstra online academy May 14-16, 2024.

Course Material

This training course comprehensively examines all aspects of delivering certificates using Microsoft Intune, including common deployment scenarios, PKCS and SCEP configuration, Intune certificate connector configuration, high availability strategies, implementation and security best practices, and troubleshooting.

Cloud PKI

Cloud PKI, a new cloud-based PKI-as-a-Service solution from Microsoft, will also be covered in depth. I’ll provide an overview of the service and discuss the advantages and limitations of Cloud PKI. We’ll also cover different configuration and deployment scenarios, including Bring Your Own CA (BYOCA). In addition, I’ll share security best practices for Microsoft Cloud PKI deployments.

Register Now

Space is limited, so don’t miss out on this excellent opportunity to learn about these critically essential technologies. Reserve your spot in this training class today!

Additional Information

Mastering Certificates and Microsoft Intune

Microsoft Cloud PKI

ViaMonstra Online Academy

1 Comment
by Richard M. Hicks on March 4, 2024  •  Permalink
Posted in Active Directory Certificate Services, AD CS, ADCS, administration, Always On VPN, AOVPN, authentication, Azure, Azure Active Directory, Azure AD, Certificate Authentication, Certificate Authority, Certificate Connector for Intune, Certificate Services, certificates, cloud, Cloud PKI, Cloud Service, Cryptography, Deployment, Device Management, Encryption, Endpoint Manager, Enterprise, enterprise mobility, Entra, Entra ID, High Availability, Infrastructure, InTune, Intune Certificate Connector, Intune PFX Connector, MDM, MEM, MEMCM, MFA, Microsoft, Microsoft Endpoint Manager, Microsoft Entra, Microsoft Intune, Mobile Device Management, Mobility, Multifactor Authentiction, NDES, Network Device Enrollment Service, Network Device Enrollment Services, PFX Connector, PKCS, PKI, public cloud, public key infrastructure, Remote Access, SCEP, Security, Simple Certificate Enrollment Protocol, TLS, Training, troubleshooting, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on March 4, 2024

https://directaccess.richardhicks.com/2024/03/04/mastering-certificates-with-intune-training-course/

Always On VPN and the PSPKI PowerShell Module

Certificates are a crucial part of a secure Always On VPN implementation. Certificates are phishing-resistant forms of authentication that, when configured correctly, provide robust and multifactor authentication for remote access users and devices.

AD CS

Most commonly, certificates are issued by an on-premises Microsoft Active Directory Certificate Services (AD CS) server. Administrators configure and deploy a Certification Authority infrastructure to issue and manage user and device authentication certificates in their organization. CA certificates are also required on the VPN server to support Always On VPN device tunnel connections and IKEv2 user tunnel connections. The NPS server also requires an enterprise CA certificate. Of course, the CA can issue certificates for other purposes, including Wi-Fi authentication, document signing, and code signing, just to name a few.

PSPKI

PSPKI is a PowerShell module available in the PowerShell Gallery for configuring, managing, and troubleshooting Microsoft AD CS. Created by Vadims Podans of PKI Solutions, PSPKI includes over 100 functions for various AD CS and certificate-related tasks. Always On VPN administrators will find this PowerShell module helpful when configuring and troubleshooting certificate-related issues for their Always On VPN deployments.

Note: The AD CS remote server administration tools (RSAT) must be installed to access all of the PSPKI module’s functionality.

Installation

Run the following PowerShell command to install the PSPKI PowerShell module.

Install-Module -Name PSPKI

Always On VPN and PSPKI

Always On VPN Administrators will immediately find a few PSPKI functions helpful when implementing and supporting Always On VPN.

Test-WebServerSSL – This function will connect to a remote web server and display details about the TLS certificate included in the response. This can be especially helpful when troubleshooting SSTP VPN connections.

Convert-PfxToPem – This is a handy utility for converting a PFX file to the PEM format. This is commonly required when importing CA certificates on non-Microsoft platforms, security devices, and load balancers.

Convert-PemToPfx – Occasionally, administrators must convert a certificate and private key in PEM format to PFX to install on a Windows server. This tool allows administrators to perform this task easily.

Get-CertificationAuthority – This function quickly enumerates all enterprise CA servers and displays information about their hostname, accessibility, service status, and type.

Ping-ICertInterface – This function helps troubleshoot CA connectivity issues. Administrators can quickly determine if a CA is reachable and capable of issuing a certificate using this command.

Get-CaTemplate – This command displays a list of certificate templates published on the specified target CA server. The certificate template’s display name and the minimum support CA version are provided. In addition, the output indicates if certificate autoenrollment is enabled on the template.

Much More

The PSPKI PowerShell module for AD CS has many tools for configuring and managing AD CS. PSPKI recently received a major update to version 4.0. Download and install PSPKI today. It will make your life easier, I can assure you!

Additional Information

PSPKI PowerShell Module – PowerShell Gallery

PSPKI PowerShell Module – GitHub

AOVPNTools PowerShell Module – PowerShell Gallery

AOVPNTools PowerShell Module – GitHub

InboxAccountingDatabaseManagement PowerShell Module

InboxAccontingDatabaseManagement – PowerShell Gallery

InboxAccountingDatabaseManagement – GitHub

4 Comments
by Richard M. Hicks on June 20, 2023  •  Permalink
Posted in Active Directory, administration, Always On VPN, AOVPN, authentication, certificates, Deployment, Encryption, Enterprise, enterprise mobility, GitHub, IKEv2, Infrastructure, Microsoft, Mobility, Multifactor Authentiction, NPS, Operational Support, PEAP, PKI, PowerShell, Protected EAP, public key infrastructure, Remote Access, routing and remote access service, RRAS, Secure Socket Tunneling Protocol, Security, SSL, SSL and TLS, SSTP, systems management, TLS, Transport Layer Security, troubleshooting, Update, user tunnel, VPN, Windows 10, Windows 11, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on June 20, 2023

https://directaccess.richardhicks.com/2023/06/20/always-on-vpn-and-the-pspki-powershell-module/

« Older Posts
Newer Posts »