Posts on this page:

Recently I faced an interesting issue with unmanaged structure definitions that contains unions. Unions allow one portion of memory to be accessed as different data types. Here is a CERT_ID structure definition in C++ that uses an anonymous union (exact my issue):

Read more →

Hello, everyone! Today I’m feeling good as Flyers eventually managed more than 2 goals per game and Lecavalier set up a hat-trick against Isles. Big WIN! So, I’ll continue Certification Authority backup API coverage and usage in PowerShell.

In the previous post we learned what functions are used for CA backup, their sequence and ended with CA database location retrieval. Today we will continue the backup process and today’s post will cover:

  • Database backup
  • Identification of log files to be backed up
  • Log file backup
  • CA Configuration backup
  • CA key backup

    Database file backup

    Let’s move forward. We have a $DBPaths variable that holds CA database location. Note that database location is specified in an UNC form (\\serverNameFQDN\C$\Windows\CertLog, for example). We need to pass this path to three functions:

Read more →

Hello S-1-1-0!

Recently I noticed that PowerShell in Windows Server 2012 R2 ships two new cmdlets: Backup-CARoleService and Restore-CARoleService which are used to backup and restore CA database and CA keys. Today I want to talk about CryptoAPI functions utilization to backup CA database in PowerShell.

Backup step-by-step guide

Although, backup process isn’t looking very complex, however CryptoAPI implements a number of detailed (low-level) functions which must be called in a certain sequence. Here is a copy of the article that explains the correct sequence:

Read more →

In this post I will discuss about non-standard string comparison in Certification Authority database queries. This post will focus on my PowerShell PKI module and queries in the CA database. The module contains the following commands that support CA database queries:

Request filters support the following comparison (seek) operators:

Read more →

Recently I wrote a sample function which allows security administrators to dump trusted root certificates from Microsoft web site.

Microsoft maintains a number of predefined trusted root CAs which are members of Microsoft Root Certificate Program. Here are several useful links on TechNet wiki:

In addition, update mechanism is described here: KB931125.

Generally speaking, Microsoft maintains a special certificate trust list (CTL) which is located here. This CTL contains hashes and extended properties for each member of the root certificate program. Also, each certificate is downloadable at:

Read more →