Hello folks, sorry for delayed post, one of my SSD disk suddenly dead and I was busy with data recovery.

In the previous post we discovered main interfaces and methods to retrieve Online Responder array settings and revocation configurations. Today we will learn how to use them to delete existing revocation configuration and add a new one.

Deleting existing revocation configuration

In the previous post you noticed that my OCSP server has configured one revocation configuration named “test”. Consider when we don’t need this particular configuration (say, associated CA was decommissioned). We can delete it by calling IOCSPCAConfigurationCollection::DeleteCAConfiguration method and applying changes by calling IOCSPAdmin::SetConfiguration method.

Hello S-1-1-0, CryptoGuy is back again. Recently I spent a lot of time on PowerShell Cmdlet Help Editor enhancement and didn’t had enough time to write new posts. Now I’m making a break and will continue blogging. Today I open a post series about managing Microsoft Online Responders (OCSP) with PowerShell.

Underlying API

Microsoft implemented OCSP server management via a number of COM interfaces which are directly instantiable:

• IOCSPAdmin (progID: CertAdm.OCSPAdmin)
• IOCSPPropertyCollection (progID: Certadm.OCSPPropertyCollection)

Getting basic information

At first we will start with service availability by calling IOCSPAdmin.Ping method:

Today I released a new version of PS Cmdlet Help Editor which doesn’t introduce any code updates. However, it introduces significant UI update. Previously, I used fixed-sized editor fields:

On large (and wide) displays a lot of window space is not used. For example, on 22” displays editor fields occupies only half of display area. I checked some good articles about layout options in WPF and found that there is a great option to make dynamic layout with Grid control, which allows to expand nested controls along with display size expansion. Here is an example of a new layout:

Yesterday I published another version of my PowerShell PKI module.

Reached milestone

At first, I want to announce an important notice about this release. This release is the latest release that is compiled (underlying API in PKI.Core.dll) under .NET Framework 2.0. Next release will require .NET Framework 4.0, because I want to get rid of some internal helpers and replace them with LINQ expressions, also I’d like to utilize new features in .NET 4.0 itself.

In addition, this release is the latest release that respects certification authorities that run on Windows Server 2003-based computers. New commands (which will be added in future releases) will not guarantee Windows Server 2003 support.

Existing changes

The following changes are made in existing commands (without breaking their behavior or syntax):

Time by time I receive questions about alternate signature algorithms. What is the difference between them and what benefits are in an alternate signature algorithms.

As per TechNet article:

For certificates based on RSA algorithms, PKCS #1 v2.1 specifies separate object identifiers for the hash algorithm and for the asymmetric algorithm. (In PKCS #1 v.1.5, only one object identifier is used to identify both the hash and asymmetric algorithms.) In addition, if you select the alternate signature format for certificates based on RSA algorithms, an enhanced cryptographic formula is used to create the signature.

Generally speaking, alternate signature algorithm (signature format) just allows to specify additional details about how signature is constructed.