Udit
Udit 21.05.2019 22:35 (GMT+3) How to encode Object Identifier to an ASN.1 DER encoded string

Thank you so much!

Vadims Podāns
Vadims Podāns 09.05.2019 23:29 (GMT+3) Certificate Autoenrollment in Windows Server 2016 (part 2)

> Does Windows attempt renewal in this case?

nope. At the point when CA certificate has expired, client certificate is expired too (because client certificate's validity cannot exceed issuer's validity). Expired and revoked certificates are not subjects for renewal. Only initial request is possible in this case.

Miguel
Miguel 09.05.2019 22:44 (GMT+3) Certificate Autoenrollment in Windows Server 2016 (part 2)

Hi Vadims,

What happens with a user certificate that is issued by a CA using a template that was configured for automatic renewal, adn the CA cert expires. Does Windows attempt renewal in this case?

Vadims Podāns
Vadims Podāns 16.04.2019 21:56 (GMT+3) PowerShell PKI module v3.0 (part 3)

> Is your lib capable of building this stuff from scratch as well.

not yet. I have only basic PKCS#7 decoder support and recognize only PKCS#10 embedded requests.

emden09
emden09 16.04.2019 10:11 (GMT+3) PowerShell PKI module v3.0 (part 3)

Hy Vadim,

Ur just writing about analyzing PKCS7 encoded enveloped Objects. Is your lib capable of building this stuff from scratch as well. I.E. I want to build a SCEP-Request, where the PKCS10 has to be stored symterically encrypted by lets say DES-CBC wnd the DES-CBC-Key has to be Asymetrically encryptet by lets say RSA all that stuff has to packed as enveloped data PKCS7 and being signed as a PKCS7 data-blob around it. I tried getting that done with Windows-System.Security.Cryptography as well as with BouncyCastle and failed after all because Windows (as you said does NOT provide the stuff I need and BC is providing it withing JCE-Part of the lib which is only available to Java. So when finding your lib I hoped to be there. Just not finding any Doku abt. Building PKCS7 from scratch.

kind regards
Michael