PKI Guides and Best Practices

What Are X.509 Certificates?

You’ve probably seen us mention X.509 certificates many times in different blogs and pages on our site, but what exactly are they? What makes a certificate an X.509 certificate? Is an X.509 certificate any different from an SSL certificate?

How to Prevent SSL Outages

Automating SSL Certificate Management removes the inevitable human error associated with almost every SSL outage. Keep reading, follow these steps, and you’ll significantly reduce the likelihood of any SSL certificate outages in the future.

What are HSMs? Why are Hardware Security Modules important?

What Are Hardware Security Modules (HSMs) and Why Are They Important?

HSMs provide a dedicated, secure, and tamper-resistant environment for managing cryptographic keys, performing encryption and decryption operations, and automating key lifecycle management. In this article, we will delve into the fundamentals of HSMs, why they are crucial in modern cybersecurity, their relevance within the context of existing solutions, and how various industries leverage them.

Why You Need To Monitor Your SSL Certificates

What is SSL Monitoring? Why is SSL Monitoring Important?

SSL monitoring, also referred to as SSL certificate monitoring, is the ongoing process of checking and validating SSL certificates and their configurations on websites and services. But why is SSL monitoring important? Click here to find out!

What is a Certificate Authority Authorization? Why is a CAA Important?

What is a Certificate Authority Authorization (CAA)?

CAA stands for Certificate Authority Authorization (try saying that five times fast), but don't let that mouthful throw you off. In this blog, we go over the fundamentals of what a CAA is and why a CAA is so important in your PKI journey.

What is a CRL / What is a Certificate Revocation List?

What is a CRL (Certificate Revocation List)?

In the digital world, the security of communications, especially online transactions, is incredibly important. A significant aspect of this security revolves around digital certificates; like all things digital, however, certificates can sometimes become compromised. This is where a Certificate Revocation List (CRL) becomes essential. In this blog, we'll delve deep into the concept of a CRL, its significance, its working mechanism, and even touch upon creating one.

ADCS in Azure How to protect your Private Keys with Azure Key Vault or dedicated HSM

How to Set Up Azure Certificate Authority with Azure Key Vault

With the move to the cloud, people are looking for ADCS alternatives in Azure. In this article, we will show you how to set up a PKIaaS Azure Certificate Authority with Azure Key Vault or dedicated HSM.

How to enable client certificate authentication in Azure API Management Service

How To Set Up Client Certificate Authentication in Azure API Management Service

Client certificate authentication is one of the most secure ways for customers to authenticate into your APIs. In this blog, we will show you how to set up client certificate authentication with automatic certificate rotation in Azure API Management Service.

How to use Intune SCEP to get SSL certificates for your Intune managed devices

Intune SCEP – How to Get SSL Certificates

With the ability to issue SCEP certificates for Intune, organizations can now use passwordless authentication for their VPN, network infrastructure and more, all without the need for a large on-premises infrastructure, thus eliminating the need for domain controllers, certificate authorities, hardware security modules (HSMs), certificate revocation list (CRL) servers, and SCEP servers. Check out our blog on how Intune works with SCEP to learn more about the basics behind this.

How to Set Up Intune PKI

Microsoft said for years that they would create and offer a PKI for Intune; unfortunately, they could not do it. Instead, Microsoft recommends that organizations use EZCA to set up an Intune PKI. Read on to learn exactly what you need to do to set up an Intune PKI with EZCA.

What are Certificate Transparency Logs and Why are CT Logs Important?

What Are Certificate Transparency Logs and Why Are They Important?

CT logs play a crucial role in detecting and mitigating security incidents related to certificate issuance, benefiting both end-users and organizations relying on secure communication. But what exactly are they, and why should you take note of them?

How to Choose the Right Certificate Authority Hierarchy

What is Certificate Authority Hierarchy and Which CA Hierarchy Should I Use?

The world of CA hierarchy and design is a complex one – but it doesn’t have to be. The implementation of proper certificate authority hierarchy and design is key to secure communication across your organization.

How Does Intune Work with SCEP?

SCEP (Simple Certificate Enrollment Protocol) can be used in conjunction with Microsoft Intune, a cloud-based endpoint management solution, to facilitate the deployment and management of digital certificates on devices managed by Intune. But how does Intune work with SCEP? Read on to find out.

What is the difference between a Root CA and an Issuing/Subordinate CA?

What is the Difference Between a Root CA and an Issuing CA?

Root certificate authorities and issuing/subordinate certificate authorities are vital to CA design, particularly in a Two-Tier Hierarchy. So, what are they and what makes them so important?

What is SCEP and How Does it Work?

Simply put, SCEP is a protocol used to automate the issuance and management of certificates within a Public Key Infrastructure (PKI) environment. But how does it work, and why should you and your organization care? Read on to find out everything you should know about what SCEP is.

What is the difference between a private and public CA?

Public vs Private CA - What’s the Difference?

PKI is based on trust - clients must be able to trust the root CA in order to build a chain of trust and accept a certificate. Not only is trust the key to PKI, but it is also the key to understanding public vs private certificate authorities.

Stop Blindly Trusting RDP Servers with Trust on First Use (TOFU)

How To Create RDP SSL Certificates for Azure VMs

While Remote Desktop Protocol (RDP) is a convenient and efficient way to access remote systems, if it is not properly administered, it can be vulnerable to some attacks such as Man-In-The-Middle attacks caused by using the Trust on First Use (TOFU) model. In this blog post, we will discuss why RDP TOFU is a bad security model and why organizations should use SSL certificates instead.

EZCA The First ACME CA with ADCS Support

Enable ACME in Your Private PKI

With the move to the cloud, the days of manually managing SSL certificates are gone. Now, most organizations are moving to the ACME protocol, an easy-to-use protocol that automatically renews your SSL certificates, preventing costly outages while freeing your engineers' time to focus on other critical tasks.

Certificate Transparency Logs Explained

What Are Certificate Transparency Logs?

As with many security tools, the origin of certificate transparency logs can be traced back to a cyberattack. The attack that can be credited with the creation of CT logs is the 2011 DigiNotar attack. Now, Certificate Transparency logs give organizations full visibility into all certificates issued for their domains.

Automatically rotate AAD Application certificates

How to Automatically Rotate AAD Application Certificates

With the exponential growth of online services, it has become impossible to manually rotate application certificates. Learn how you can automate your AAD Application certificate rotation with the new automatic Azure AD certificate rotation from EZCA.

Stop attackers before they start with CAA

How to Protect SSL Certificates From Unauthorized Issuance

Stolen subdomains are a hot commodity on the black market. CAA records can help you protect your organization from this scary vulnerability by limiting SSL certificate issuance to your organization only. Learn more on how to set it up.

Modernize ADCS with EZCA and Azure

Get ADCS Ready for Cloud Scale

ADCS has been the go-to Certificate Authority for over two decades. While it is secure and reliable, it does not meet the cloud needs that organizations now have. EZCA enables you to modernize your existing ADCS PKI by extending it and adding modern protocols such as REST API, Azure Key Vault integration, Azure IoT integration, and ACME.

IoT devices are under attack

IoT is Under Attack!

The number of deployed IoT devices is growing exponentially, and so are the cyber-attacks geared against IoT. The first large-scale IoT device attack was the Mirai botnet, which brought down a large part of the internet. How did the attacker gain control over thousands of IoT devices? It was simply a hard-coded credential that gained them access into the device's operating system.