Chinmai 24.01.2022 21:04 (GMT+2) Digital signatures and timestamps

Do applications work after both the signer certificate and timestamp certificate expire?

Who is responsible for renewing the timestamp certificate?

Praveen 19.01.2022 05:25 (GMT+2) Export and import certificate templates with PowerShell

Hi Vadims - Thanks for this post. I have a question on cross forest enrollment.

We have a two-way trust between the resource (has the root and issuing CA) and account forest. I am trying to copy one template from the resource to the account forest by running pkisync.ps1 but get a write error. I can see the template created in the account forest, but it's incomplete. The account used has full permissions on the Certificate Template and OID containers in AD. I also tried creating the template manually directly on the account forest with the same name and properties, but the server in the account forest can't see the template in MMC for enrollment. It is unavailable and the error is "The requested certificate template is not supported by this CA. A valid certification...."

The template in the resource forest is added to the issuing CA and is being used for enrollment by servers in the resource forest. When creating it manually, the OID is different from the one in the resource forest. Does the OID need to be the same between the resource and account forest in this case?

joshua thorpe 11.01.2022 17:46 (GMT+2) Bulk file signing with PowerShell and user interface

You are a hero, thank you so much for posting this code. I have been trying to figure out a way to do this and I was unable to do so. I had to make a few small changes to get it working under PowerShell 5.0 on Windows 10 21H2; however, after these changes were made it works flawlessly.

The changes which I made were below:

Change 1:
I changed line 41 to this (as per Daniel in an above comment):
    $Thumbprint = $CertMapping[$ComboBox.SelectedItem]
    $cert = $Certs.Find("FindByThumbprint", $Thumbprint, $false)[0]
    $status = Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert -TimestampServer $Timestamp -HashAlgorithm SHA256

Change 2:
Declare $cert as a global variable to make the "view certificate" button work. Signing works without this but viewing the cert does not.


Vadims Podāns 11.01.2022 11:26 (GMT+2) How to convert PEM to PFX in PowerShell (revisited)

Hello Shiva, please check updated version. There was a bug in the script and I believe it is now fixed.

Shiva 11.01.2022 10:11 (GMT+2) How to convert PEM to PFX in PowerShell (revisited)



Really appreciate sharing this info. I am using this example to convert a private key, but in this case the length of the key is 3072 and it is ending in an error when executing the following code:
    [byte[]]$bitLen2 = Invoke-Expression 0x$([int]$bitLen.Substring(2,2))

Cannot convert value "0C" to type "System.Int32". Error: "Input string was not in a correct format."
At C:\Users\kirashiv\Documents\CertRequest\codesign_2022\CertModule.ps1:231 char:47
+ ... byte[]]$bitLen1 = Invoke-Expression  0x$([int]$bitLen.Substring(0,2))
+                                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvalidCastFromStringToInteger
0x : The term '0x' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is 
correct and try again.
At line:1 char:1
+ 0x
+ ~~
    + CategoryInfo          : ObjectNotFound: (0x:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException


Can you please advise what can be done to add support for increased key length?
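
An added illustration of the failure reported in the comment above, not code from the blog's script or from its author. It assumes `$bitLen` holds the key length as four hex digits (for example "0C00" for 3072), which is what the `Substring` calls and the "0C" in the error output suggest; the function name `ConvertTo-HexPairBytes` is hypothetical. It shows that the `[int]` cast fails only when a pair contains a hex letter, and parses each pair with an explicit base instead of building a string for `Invoke-Expression`.

```powershell
# Added example, not code from the blog's script.
# Assumption: $bitLen is the key length as four hex digits ("0C00" for 3072),
# as the Substring(0,2)/Substring(2,2) calls and the "0C" in the error suggest.

function ConvertTo-HexPairBytes {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{4}$')]
        [string]$BitLen
    )
    # Parse each pair with an explicit base of 16. No [int] cast (which reads
    # the text as decimal) and no Invoke-Expression on a constructed string.
    [byte[]]@(
        [Convert]::ToByte($BitLen.Substring(0, 2), 16),
        [Convert]::ToByte($BitLen.Substring(2, 2), 16)
    )
}

foreach ($keyLength in 1024, 2048, 3072, 4096) {
    $bitLen = '{0:X4}' -f $keyLength          # e.g. 3072 -> "0C00"
    $decimalValue = 0
    # TryParse reads the pair as decimal, as the [int] cast in the quoted
    # line does for a plain digit string; "0C" is not a decimal number.
    $castWorks = [int]::TryParse($bitLen.Substring(0, 2), [ref]$decimalValue)
    $bytes = ConvertTo-HexPairBytes -BitLen $bitLen
    [pscustomobject]@{
        KeyLength = $keyLength
        BitLen    = $bitLen
        IntCastOk = $castWorks
        Bytes     = ($bytes | ForEach-Object { '0x{0:X2}' -f $_ }) -join ' '
    }
}
```

Of the four lengths listed, only 3072 produces a first pair with a hex letter, so it is the only row where `IntCastOk` is false.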