Contact Us

PKI Guides and Best Practices

What are the FedRAMP High PKI and Certificate Management Requirements

What are the PKI and Certificate Requirements for FedRAMP High

FedRAMP High requires stringent security measures for PKI and certificate management. Learn how to meet these requirements and secure your cloud infrastructure.

How To Setup Cloud RADIUS for Microsoft Cloud PKI Intune in Azure

Cloud RADIUS for Microsoft Cloud PKI Intune – Setting Up Microsoft Cloud PKI with RADIUS

Learn how to set up Cloud RADIUS for Microsoft Cloud PKI in Azure. This guide will walk you through the process of setting up Intune with RADIUS for your organization.

How To Setup Cloud RADIUS for SCEPman in Azure

Cloud RADIUS for SCEPman – Setting Up SCEPman with RADIUS

Learn how to set up Cloud RADIUS for SCEPman in Azure. This guide will walk you through the process of setting up SCEPman with RADIUS for your organization.

How to Use IoT Device Certificates to Authenticate into Azure IoT Hub

How to Secure Automotive IoT Device Authentication in Azure

The automotive industry is rapidly adopting IoT devices for a variety of applications. But how can you secure these devices in Azure? This blog shows you how to use IoT device certificates to authenticate in Azure.

Best PKI Consultants for The Modern Enterprise and Passwordless Authentication Built by ex-Microsoft Cloud PKI Engineers

Best PKI Consultants for The Modern Enterprise and Passwordless Authentication

If you are looking for the best PKI consultants for the modern enterprise, look no further. Keytos is the best option for organizations looking to button-up their security best practices around Running PKI and Passwordless Authentication. We have been running PKI for large organizations for years and have the expertise to help you with your PKI needs.

What is the Best Microsoft Cloud PKI Alternative for Azure and Intune?

What is the Best Microsoft Cloud PKI Alternative?

Are you looking for the best Microsoft Cloud PKI alternative for Azure and Intune? Look no further! This blog post will guide you through the selection process and introduce you to EZCA, the first Azure-native CA designed with Intune SCEP in mind!

What is Extensible Authentication Protocol (EAP)? EAP-TLS vs. EAP-TTLS/PAP are they the same?

What is Extensible Authentication Protocol (EAP)? EAP-TLS vs. EAP-TTLS/PAP

In the quest to safeguard your organization's WPA2-Enterprise network, the arsenal of protocols at your disposal is vast. Yet, among these, the Extensible Authentication Protocols (EAP) emerge as the preeminent choice for a substantial number of enterprises. Let’s delve into an examination of the two most prevalently employed EAP protocols, aiming to highlight the merits of each and thereby assist you in making an informed selection most befitting your organizational needs.

How to set up a Cloud CA for Intune and Jamf Pro

Does Microsoft Cloud PKI Support Jamf Pro?

Looking to set up an Cloud PKI with Microsoft Cloud CA but also use Jamf Pro? Read on to learn to see what are your best options for issuing SCEP certificates to your devices.

How to Monitor Certificate Transparency Logs and Meet PCI Compliance

The Comprehensive Guide to Certificate Transparency Logs and SSL Monitoring

Certificate Transparency logs and SSL monitoring are essential for maintaining the integrity and availability of web services. Learn how to monitor CT logs and SSL certificates to prevent outages and security incidents.

Azure PKI is the best CA for Azure IoT Hub

Best Cloud PKI for Azure IoT Hub

Developing IoT Devices is hard, securing the connection to the cloud should not be, learn how you can create a certificate authority for Azure IoT Hub in Azure in minutes and use EZCAs APIs to manage certificates for your devices

What are the best ssh certificate authorities for SSO to SSH

The Top SSH Certificate Authorities Ranked

SSH has become a target in the latest round of security breaches. Learn how you can implement SSH Certificates with some of the best SSH Certificate Authorities.

How to setup Azure IoT Hub Cloud PKI in Azure

IoT Device PKI - Certificate Management Made Easy with EZCA

IoT devices require a new breed of certificate management solutions. EZCA represents a significant step forward, offering a purpose-built tool that addresses the needs of modern security practitioners.

How to do Wi-Fi Certificate-Based Authentication (CBA) Using EAP-TLS and RADIUS

How to do WiFi CBA with RADIUS and EAP-TLS

EAP-TLS Wi-Fi CBA is widely recognized as the most secure method for network authentication in WPA2 and WPA3 Enterprise Wi-Fi environments, especially when compared to the traditional, password-based Wi-Fi authentication methods. This is due to several key advantages.

How to set up an Intune certificate authority (CA)

How to Create Self-Service User Certificates for Non-Managed Devices

The easiest way to create user or device certificate it is with an MDM such as Intune. But what if you have non-MDM managed devices? Learn how to create certificates for non-MDM managed devices with a self-service portal.

How to Setup a Certificate Authority Following Best Practices for PKI

How to Setup a Certificate Authority Following Best Practices

Explore PKI best practices, from setting up a two-tier CA hierarchy to utilizing HSMs and OCSP. Discover easy certificate distribution and management with cloud-based solutions.

Azure Key Vault Automatic Certificate Rotation for private SSL certificates

Azure Key Vault Automatic Certificate Rotation

Learn how to avoid outages by automatically rotating your private SSL certificates in Azure Key Vault with EZCA and the automatic Azure Key Vault and AAD Application Rotation.

What is PKI Authentication? How Does Certificate Authentication Work?

What is Certificate Authentication? How Does Certificate Authentication Work?

Are you wondering what PKI authentication is and how it works? In this blog, we'll run through what PKI authentication is and how it works, as well as the benefits and drawbacks of PKI authentication.

How to Set Up an SSH Certificate Authority in Azure and start issuing ssh certificates for SSO to SSH

Setting Up an SSH Certificate Authority (CA)

SSH certificates are an evolution of traditional SSH keys. Instead of using individual keys for authentication learn how to set up an SSH Certificate Authority in Azure.

What Is The Importance of CT Log Monitoring and how to monitor Certificate Transparency logs

What Is The Importance of CT Log Monitoring

CT logs is the secret tool that helps you detect and mitigate security incidents related to certificate issuance. Learn more about how to monitor CT logs and why it's important.

Does Azure Have a Private Cloud Certificate Authority?

Does Azure Have a Private Cloud Certificate Authority?

In this blog we look at the options for deploying a private cloud certificate authority in Azure. We also discuss the pros and cons of Microsoft's Cloud PKI solution and the best alternative to it.

How to use certificate authentication in Azure IoT Hub with a cloud-based Certificate Authority

How to Set Up Cloud-Based CA for Azure IoT Hub

Discover the importance of certificate-based authentication for Azure IoT Hub and the benefits of cloud PKI for seamless IoT device security. Learn how automatic certificate rotation and a managed Certificate Authority streamline device management and enhance security.

How Certificate Transparency Log Monitoring Can Prevent Man-In-The-Middle (MITM) Attacks

How Do SSL Certificates and SSL Certificate Monitoring Prevent MITM Attacks?

Explore the vital role of SSL/TLS certificates and SSL monitoring in preventing man-in-the-middle (MITM) attacks, safeguarding online transactions, and protecting organizational security. Learn how these measures encrypt communications, authenticate server identities, and ensure data integrity, establishing a secure and trusted connection.

Cloud PKI Azure Key Vault. ADCS in Azure - How to protect your Private Keys with Azure Key Vault or dedicated HSM.

Setting Up Cloud PKI with Azure Key Vault

With the move to the cloud, people are looking for ADCS alternatives in Azure. In this article, we will show you how to set up a Cloud PKI with Azure Key Vault or dedicated HSM.

Microsoft Cloud PKI for Intune - Best Alternatives

What are The Best Microsoft Cloud PKI Alternatives?

You probably saw the new Microsoft Intune PKI announcement and like most people were shocked by the price and lack of features. Int this page we talk about what are the best alternatives to Microsoft Intune PKI?

How to authenticate WiFi with certificates and Radius

WiFi Certificate Authentication – How it Works

In today’s fast-paced digital age, securing wireless networks is critically important. The implementation of Wi-Fi certificate authentication stands out as an essential method that enhances network security and user accessibility.

How ManageEngine and SCEP work together

How Does ManageEngine Issue Certificates Through SCEP?

SCEP works alongside ManageEngine, a cloud-based solution for endpoint management, to help with the distribution and management of digital certificates managed by ManageEngine. But, how? This blog aims to answer that age-old question!

Stop Blindly Trusting RDP Servers with Trust on First Use (TOFU)

How To Create RDP SSL Certificates for Azure VMs

While Remote Desktop Protocol (RDP) is a convenient and efficient way to access remote systems, if it is not properly administered, it can be vulnerable to some attacks such as Man-In-The-Middle attacks caused by using the Trust on First Use (TOFU) model. In this blog post, we will discuss why RDP TOFU is a bad security model and why organizations should use SSL certificates instead.

How Does Intune Work With SCEP? SCEP Meaning.

What is SCEP? How Does SCEP Work?

Simply put, SCEP is a protocol used to automate the issuance and management of certificates within a Public Key Infrastructure (PKI) environment. But how does it work, and why should you and your organization care? Read on to find out everything you should know about what SCEP is.

Why You Need To Monitor Your SSL Certificates

How to Monitor SSL Certificates - Why is SSL Monitoring Important?

SSL monitoring, also referred to as SSL certificate monitoring, is the ongoing process of checking and validating SSL certificates and their configurations on websites and services. But why is SSL monitoring important? Click here to find out!

How can you get SSL/TLS certificates with ManageEngine SCEP?

How to Get SSL Certificates with ManageEngine SCEP

ManageEngine provides the capability to authenticate devices using SCEP certificates, offering a robust method for device security and facilitating passwordless device access. Getting these certificates, though, can be somewhat challenging. This blog will guide you through obtaining SSL certificates for ManageEngine managed devices.

How to stop attackers before they start with CAA records

How to Protect SSL Certificates From Unauthorized Issuance with CAA

Stolen subdomains are a hot commodity in the black market; CAA records can help you protect your organization from this scary vulnerability by limiting SSL Certificate issuance to your organization only. Learn more on how to set it up with this blog!

The Pros and Cons of Microsoft Cloud PKI

Is Microsoft Cloud PKI Good? The Pros and Cons of Microsoft's Cloud CA

Recently, Microsoft finally announced the release date for the Microsoft Cloud PKI! While this news seems exciting and game-changing on the surface, a deeper dive reveals quite a few flaws with this long-awaited service. In this blog, we will go through the pros and cons of Microsoft Cloud PKI to help you decide whether or not it’s worth it.

How to Use IoT Device Certificates to Authenticate into Azure IoT Hub

How to Use IoT Device Certificates to Authenticate to Azure

A question that we've been hearing more frequently is, "Can I use IoT device certificates to authenticate in Azure?" The TL;DR here is yes, you absolutely can! This blog will show you how.

How to Implement a Cloud PKI for Azure IoT with EZCA by Keytos

How to Create a Cloud PKI for Azure IoT with EZCA

Setting up a cloud PKI for Azure IoT has never been easier than it is now, thanks in part to innovative third-party PKI tools like EZCA! A quick glance at some of the benefits associated with implementing the cloud makes it very clear as to why so many organizations are migrating to the gold-standard in device security. From enhanced security via encryption, to scalability, to automation, all the way through to adherence to industry-specific compliance standards, anyone that's serious about IoT device security is taking proactive measures to get their cloud PKI set up with haste. In this blog, we're going to take a look at how to authenticate with certificates into Azure IoT Hub.

What you need to know about Microsoft Cloud PKI

Does Microsoft Have a Cloud Certificate Authority?

Did you know that Microsoft finally announced their plan to launch a Cloud PKI? Anyone with their "ear-to-the-ground" within the Azure Security community will tell you, they've been looking forward to this announcement for longer than they'd like to admit. Frankly, it's very surprising that this is the first time that Microsoft has decided to wade into the waters of cloud public key infrastructure. So, you'd think that the community would be incredibly enthusiastic about the announcement, right? Turns out, not so much. Check out this blog to learn more about Microsoft's Cloud PKI solution and the pros and cons associated with it!

How to create user certificates in Intune

How to Create Wi-Fi User Certificates in Intune

Have you been assigned to create User Certificates with Intune but don't know where to start? We feel your pain. Luckily, you've come to the right place! In this post, we will go over what you need and how to get it set up.

EZCA by Keytos is the Best ManageEngine SCEP Certificate Authority for your organization

What is the Best ManageEngine SCEP CA?

EZCA, a trusted ManageEngine CA partner, offers a secure, cloud-based certificate authority setup for ManageEngine SCEP. This integration with ManageEngine allows for efficient certificate distribution, utilizing strong cloud infrastructure. EZCA offers a scalable and reliable certificate authority service, specifically designed for today’s business environments. With EZCA, organizations can enhance the security of their mobile and endpoint devices, taking advantage of ManageEngine’s advanced cloud technologies. This partnership between ManageEngine and EZCA marks a significant advancement in organizational security. Read here about how EZCA is the best ManageEngine SCEP CA for your organization!

How to choose the right ManageEngine CA for devices - Keytos' EZCA makes MDM easy

How to Choose the Right ManageEngine CA for Device Management

Before choosing a third-party CA to integrate with ManageEngine, it’s important to first evaluate your organization’s specific goals and requirements. This involves identifying the types of devices and platforms that require support, the variety of certificates you plan to use, considerations for scalability and security, and any other aspects unique to your situation. Understanding your needs thoroughly makes it much easier to match them with the offerings and capabilities of potential CAs. Click here to learn about how to choose the right ManageEngine CA for device management!

The Importance of SSL Certificate Automation in Improving Your Organization's Security Posture

Why You Should Automate SSL Certificate Renewal

SSL certificates play a crucial role in securing network traffic and validating the identities of devices and applications across your organization; however, as the number of certificates an organization needs to manage increases, so does the complexity of managing them. SSL automation is a major part of our recommended PKI and SSL certificate management best practices. But what makes certificate automation so important? Click here to find out!

How to setup Azure IoT Hub CBA

How to Connect to Azure IoT Hub Using Certificates

Why should you use certificate-based authentication (CBA)? How does CBA work? What is the flow to create certificates for IoT devices? And, above all else, how do you set up Azure IoT Hub CBA? In this blog, we answer all of these questions and more!

How to set up an Intune certificate authority (CA)

How to Create an Intune CA

We love Microsoft, but let’s be real for a second - they don’t always deliver on their promises. For example, if you decided to listen to Microsoft from years ago and wait for them to release their CA for Intune, you would have to pray that scientists discover time travel so you can skip ahead 100 years to get it – and even then you’d be rolling the dice on it actually being ready to release. In the meantime, Microsoft recommends that organizations seeking an Intune CA use EZCA, the first cloud-based CA solution for Azure ever created, citing EZCA by Keytos as one of their approved third-party CA partners, a glowing endorsement. So now you’re probably wondering, "that’s great and all, but where can I learn how to set up an Intune CA with EZCA?" You’re in the right place! Let’s jump in, shall we?

How to get your legacy ADCS ready for the cloud

How to Get Your Microsoft CA Ready for the Cloud

Microsoft CA has been the go-to certificate authority for 20+ years; while it may be reliable and trustworthy due to its age, it simply does not meet the cloud requirements that organizations have today. With EZCA, you can modernize your existing Microsoft CA PKI by extending it and adding modern protocols. Click here to learn more.

Azure PKI is the Best SSL Certificate Automation Method

Azure PKI: the Best Way to Automate SSL Certificates

Azure PKI is a cloud-based Certificate Authority specially designed for Microsoft’s cloud platform, Azure. Its primary function is to facilitate the creation and management of digital certificates tailor-made for applications residing in the cloud. EZCA, our Azure PKI, does this through some really cool integrations like Azure IoT, Azure Key Vault, automatic AAD Application certificate rotation, and Sentinel. But what exactly can Azure PKI do for you? Click here to find out!

What is PKI? PKI definition

What is PKI and What Do You Need to Get Started?

PKI is a combination of hardware, software, policies, and standards that work together to provide a comprehensive framework for secure communications in the digital world. The general consensus in the cybersecurity world is that PKI is hard – here at Keytos, we beg to differ. PKI is actually easy! In this blog, we'll run through what PKI is and the best way for you to get started with it.

How do NDES and SCEP work together?

How NDES Works with SCEP

In the world of network security and certificate management, two prominent technologies often come to the forefront: Microsoft Network Device Enrollment Service (NDES) and Simple Certificate Enrollment Protocol (SCEP). Although these technologies are interconnected, they serve distinct roles within the digital landscape. Let's take a deeper dive into what each technology is and how they work hand-in-hand.

What is a Subordinate Certificate Authority? What is an Issuing CA?

What is a Subordinate CA? (What is an Issuing CA?)

In a Two-Tier PKI Hierarchy, which is the recommended structure employed in certificate management, two main types of certificate authorities (CAs) emerge: the root CA and the subordinate CA, also known as the issuing CA. While the root CA is the primary trust anchor and sits at the pinnacle of this hierarchy, the subordinate CA plays a more nuanced and specific role. In this blog, we will explore what exactly the role of the subordinate CA is.

What is a Root Certificate Authority? What is a Root CA?

What is a Root CA?

A root certificate authority, often referred to as the foundation of trust in your PKI system, is pivotal for authenticating a certificate chain. For this chain to be trusted, the root certificate must be embedded into the operating system's trusted root store. Check out this blog for an in-depth look at root CAs!

Use CAA Records to Protect Your SSL Certificates

Protect Your SSL Certificates with CAA Records!

Compromised subdomains are becoming increasingly valuable amongst hackers and other cyber criminals in the darker corners of the internet. How can you best protect your SSL certificates from being compromised? CAA Records. Check out this blog to learn how this straightforward solution proves to be a potent defense mechanism, emphasizing its potential to be a significant deterrent against future phishing threats.

How to Detect Shadow IT Certification Authorities

How to Detect Shadow IT Certificate Authorities

With the growth of certificate-based authentication, many organizations have found Shadow IT CAs run by engineers that needed certificates and did not use the company-approved private CA. These are usually not created with malicious intent, but instead, an engineer realizes that they need a certificate authority to create certificates for their authentication (either to their application, to a cloud service, or something else). Since they do not know who to talk to or if the organization has an internal Certificate Authority for this use case, they go ahead and create a certificate authority on their own. This is a major risk for you since certificate authorities – if not configured properly – can become huge vulnerabilities for your organization. Check out this blog to learn about the best way to detect and combat shadow IT certificate authorities.

SSL vs. TLS; the difference between SSL and TLS

The Difference Between SSL and TLS Certificates

A crucial security measure for organizations interacting with customers is safeguarding the data exchanged between both entities against external threats. If data integrity is compromised, it erodes the trust of customers or data recipients as their information becomes vulnerable. Leveraging SSL and TLS certificates ensures over-the-air data remains secure. In this blog, we will aim to clarify the mystique surrounding the difference between SSL and TLS certificates – if there is any.

Certificate Authority in Azure Key Vault – How to Protect Your Keys

How To Create a Microsoft CA in Azure Key Vault

As more and more systems are being moved from on-premises to the cloud, more people are considering how to move certificate authorities to Azure. Browsing through Microsoft forums from even years ago, we can see that people want such things as a new PKI that connects to Intune and Azure Key Vault and having Key Vault act as a KSP to run certificate authorities in the cloud. In this blog, we will run through some alternatives to run CAs in the cloud in order to best help your organization modernize its PKI.

Best Cloud PKI for Intune - EZCA

Cloud PKI for Intune – Microsoft's Top Pick: EZCA by Keytos

For the longest time now, the tech community been patiently waiting for our buddies at Microsoft to FINALLY build at Cloud PKI for Intune. But as the universe would have it, this vision didn't materialize. Shocking, I know. Luckily for us, Microsoft has graciously decided to shine its spotlight onto EZCA by Keytos — a revolutionary cloud-based PKI tailored for Intune. Built by ex-Microsoft Cloud PKI Engineers, EZCA is clearly the best option for organizations looking to button-up their security best practices around Intune certificates. If you're eager to upgrade your Intune PKI, keep on reading.

Windows ADCS Enable ACME support with EZCA

How to Enable ACME Issuance in Windows ADCS CA

You can now use the popular PKI protocol ACME to manage your ADCS (Active Directory Certificate Services) internal certificates with Keytos' EZCA. Allowing you to use your same certificate automation tools you use for your external certificates for your internal certificates.

What does Google's 90-day certificate rotation mandate mean for your organization?

90-Day Certificate Rotation Mandate from Google: Implications for the Modern Security Practitioner

If we’re being honest, Google has been bullying the internet into decisions for the better part of two decades (like Certificate Transparency Logs). Most recently, they announced that they’re mandating that all certificates need to be to be rotated every 90 days. This new policy has significant ramifications for identity engineers, and in this article, we will take a look into the implications of this mandate for everyday security practitioners.

What is a Private PKI? Why do you need a Private PKI? Private PKI Explained.

What is a Private PKI and Why Do You Need One?

Private PKI is basically an amalgamation of mechanisms using public key cryptography to verify the authenticity of users and devices. This infrastructure utilizes digital certificates, certificate authorities (CAs), and certificate revocation lists (CRLs) to remain operational. But not all PKIs are equal... This is where you’ll observe the differentiation and clear distinction between public PKIs and their private counterparts. This article will provide a quick outline the intricacies of a private PKI and let you know a little bit more as to why it might be good for your organization.

Create an Azure-based CA in minutes. Create an Azure-based Certificate Authority in minutes. How to Deploy a CA in Azure. How to Deploy a Certificate Authority in Azure.

How to Deploy a Certificate Authority in Azure

When moving to the cloud, one of the questions your security team will ask is, "How can I get an HSM (Hardware Security Module) backed Certificate Authority/PKI (Public Key Infrastructure) in Azure?" While there is no Certificate Authority as a service offered by Azure or Key Vault, we are happy to offer EZCA, an Azure based Certificate Authority that leverages Key Vault and Azure Dedicated HSM(s) to create cloud-native Certificate Authorities in Azure.

PKI Automation - Streamlining Digital Security - The Evolution of PKI Management

PKI Automation - Streamlining Digital Security - The Evolution of PKI Management

In today’s world, which is increasingly gravitating towards zero-trust principles, Public Key Infrastructure (PKI) stands as a pillar of trust. Yet, conventional methods of handling PKI often come with their fair share of issues and stumbling blocks, potentially leading to vulnerabilities and operational inefficiencies. However, there is a significant transformation underway - a shift toward automating PKI management. In this article, we'll examine the challenges inherent in traditional PKI management, explore the paradigm shift towards automation, and underline the advantages of adopting this innovative approach, with a particular focus on our tool, EZCA by Keytos, the only truly native Azure PKI.

The Best Intune SCEP Certificate Authority (Intune SCEP CA)

Best Intune SCEP Certificate Authority

Odds are you’ve landed here after the long and tedious exercise that is searching the Internet for the best Intune SCEP CA. We know that selecting the right Certificate Authority (CA) to issue Simple Certificate Enrollment Protocol (SCEP) certificates for Intune can be challenging, to say the least! With numerous vendors and factors to consider, how can you really be certain you’re making the right decision? Luckily, we’ve taken the guesswork out of the equation for you! This blog post aims to guide security developers by aligning key selection criteria with the remarkable features of EZCA, the first Azure-native CA designed with Intune SCEP in mind!

SSL Certificate Monitoring

The Best Way to Monitor SSL Certificates

Your organization has been running for years without needing an SSL management tool. Did you know that this is actually incredibly costly? Click here to learn all about the costs of not implementing an SSL management tool, as well as the best way to monitor SSL certificates.

What is a Public Certificate Authority?

What is a Public CA?

Public CAs are recognized third-party entities that satisfy the criteria set by leading certificate stores, including Microsoft, Apple, and Mozilla; due to this, devices’ operating systems inherently trust public CAs. This means that individuals within an entity don’t have to manually register their certificates, as the system already deems them trustworthy. Click here to learn more about public CAs, what they are used for and how to request one!

What is a Private Certificate Authority?

What is a Private CA?

Private CAs are predominantly employed for internal certificates, ensuring that the certificate doesn’t require external party validation. Typical applications of a private CA encompass internal websites, application, user, and device authentication. Click here to learn more about what a private CA is and why it is used.

Intune CA for Devices - MDM Made Easy by Keytos

Intune Certificate Authority for Devices – MDM Made Easy by Keytos

Most everyone responsible for managing devices access across their organization using Intune has eventually been stumped by a couple of questions. “What’s the best Certificate Authority for Intune?” and “How am I going to take care of all these dang certificates?” Luckily for you, we’ve created EZCA to help you modernize your PKI in minutes! Read on to find out how EZCA by Keytos can help make MDM painless!

ACME Protocol - is ACME Protocol Secure?

Is ACME Protocol Secure?

Cyber threats are ever evolving, and organizations constantly seek out streamlined solutions to protect their digital assets. That being said, protocols that automate secure processes are absolutely golden. Enter ACME, or Automated Certificate Management Environment. But the pressing question lingers, is the ACME protocol secure? Let's take a thorough look into ACME, its security features, some common misconceptions, and how it'll keep you secure.

The Difference Between CRL and OCSP (CRL vs OCSP)

CRL vs. OCSP - Certificate Revocation for the Modern Security Engineer

As certificate-based authentication continues to increase, ensuring that these certificates are valid and trustworthy is of extreme importance. Bad actors and threats are becoming increasingly sophisticated, so the way we monitor and validate certificates has needed to be developed to maintain the security of our precious data. In the following, we’ll explore what these protocols are, why they’re so important, how they’re different, and why the contemporary Security Engineer should become familiar.

What is ACME Protocol? Modern Use Cases for Certificate Automation & Management

What is ACME Protocol? Modern Use Cases for Certificate Automation & Management

ACME is an acronym that stands for Automated Certificate Management Environment, and when simplified to an extreme degree, it’s a protocol designed to automate the interaction between certificate authorities (CAs) and users' web servers. How can you use this to further improve your organization's handling of certificates? Read on to find out!

What is ACME? How Does ACME Prevent SSL Related Outages?

What is ACME & How Does It Prevent SSL Related Outages?

As the need for secure and compliant data transactions (of all sorts) continues to skyrocket, the use of SSL and TLS certificates has become increasingly prevalent. But what happens when certificates expire or don’t get renewed in a timely fashion? In an effort to nip this problem in the bud, ACME protocol was created. In this blog, we'll take a look into the details of ACME to understand how it helps in preventing SSL related outages.

Why You Need Third Party PKI Tools

Why You Need 3rd Party PKI Tools

Modern organizations, regardless of size, find themselves in an ongoing battle to safeguard their precious data from prying eyes and malicious actors. Central to this is PKI. When it comes to deploying PKI, organizations stand at a crossroad - should they tread the challenging path of manual, in-house certificate management or opt for the streamlined and efficient route provided by 3rd party tools? As we delve deeper into the world of PKI in this blog, you'll discover why choosing the latter could be the game-changer your organization needs.

What is OCSP (Online Certificate Status Protocol)?

What is OCSP?

OCSP stands for “Online Certificate Status Protocol.” As its name suggests, it’s a protocol specifically designed to check the revocation status of individual digital certificates. But how does it work and, more importantly, how does it impact your organization? Read our tell-all piece on OCSP to find out!

What Are X509 Certificates?

What Are X.509 Certificates?

You’ve probably seen us mention X.509 certificates many times in different blogs and pages on our site, but what exactly are they? What makes a certificate an X.509 certificate? Is an X.509 certificate any different from an SSL certificate?

How to prevent SSL outages

How to Prevent SSL Outages

Automating SSL Certificate Management removes the inevitable human error associated with almost every SSL outage. Keep reading, follow these steps, and you’ll significantly reduce the likelihood of any SSL certificate outages in the future.

What are HSMs? Why are Hardware Security Modules important?

What Are Hardware Security Modules (HSMs) and Why Are They Important?

HSMs provide a dedicated, secure, and tamper-resistant environment for managing cryptographic keys, performing encryption and decryption operations, and automating key lifecycle management. In this article, we will delve into the fundamentals of HSMs, why they are crucial in modern cybersecurity, their relevance within the context of existing solutions, and how various industries leverage them.

What is a Certificate Authority Authorization? Why is a CAA Important?

What is a Certificate Authority Authorization (CAA)?

CAA stands for Certificate Authority Authorization (try saying that five times fast), but don't let that mouthful throw you off. In this blog, we go over the fundamentals of what a CAA is and why a CAA is so important in your PKI journey.

What is a CRL / What is a Certificate Revocation List / What is CRL?

What is a CRL (Certificate Revocation List)?

In the digital world, the security of communications, especially online transactions, is incredibly important. A significant aspect of this security revolves around digital certificates; like all things digital, however, certificates can sometimes become compromised. This is where a Certificate Revocation List (CRL) becomes essential. In this blog, we'll delve deep into the concept of a CRL, its significance, its working mechanism, and even touch upon creating one.

Certificate Authority Azure Key Vault. ADCS in Azure - How to protect your Private Keys with Azure Key Vault or dedicated HSM.

How to Set Up Azure Certificate Authority with Azure Key Vault

With the move to the cloud, people are looking for ADCS alternatives in Azure. In this article, we will show you how to set up a PKIaaS Azure Certificate Authority with Azure Key Vault or dedicated HSM.

How to enable client certificate authentication in Azure API Management Service

How To Set Up Client Certificate Authentication in Azure API Management Service

Client certificate authentication is one of the most secure ways for customers to authenticate into your APIs. In this blog, we will show you how to set up client certificate authentication with automatic certificate rotation in Azure API Management Service.

How to use Intune SCEP to get SSL certificates for your Intune managed devices

Intune SCEP – How to Get SSL Certificates

With the ability to issue SCEP certificates for Intune, organizations can now use passwordless authentication for their VPN, network infrastructure and more, all without the need for a large on-premises infrastructure, thus eliminating the need for domain controllers, certificate authorities, hardware security modules (HSMs), certificate revocation list (CRL) servers, and SCEP servers. Check out our blog on how Intune works with SCEP to learn more about the basics behind this.

How to set up Intune PKI

How to Set Up Intune PKI

Microsoft said for years that they would create and offer a PKI for Intune; unfortunately, they could not do it. Instead, Microsoft recommends that organizations use EZCA to set up an Intune PKI. Read on to learn exactly what you need to do to set up an Intune PKI with EZCA.

What are Certificate Transparency Logs and Why are CT Logs Important?

What Are Certificate Transparency Logs? Why Are CT Logs Important?

CT logs play a crucial role in detecting and mitigating security incidents related to certificate issuance, benefiting both end-users and organizations relying on secure communication. But what exactly are they, and why should you take note of them?

How to Choose the Right Certificate Authority Hierarchy

What is Certificate Authority Hierarchy and Which CA Hierarchy Should I Use?

The world of CA hierarchy and design is a complex one – but it doesn’t have to be. The implementation of proper certificate authority hierarchy and design is key to secure communication across your organization.

How Does Intune Work With SCEP?

How Does Intune Work with SCEP?

SCEP (Simple Certificate Enrollment Protocol) can be used in conjunction with Microsoft Intune, a cloud-based endpoint management solution, to facilitate the deployment and management of digital certificates on devices managed by Intune. But how does Intune work with SCEP? Read on to find out.

Root CA vs Issuing CA; Root vs Issuing Certificate Authority

Root vs Issuing Certificate Authority - What is the Difference Between a Root CA and an Issuing CA?

Root certificate authorities and issuing/subordinate certificate authorities are vital to CA design, particularly in a Two-Tier Hierarchy. So, what are they and what makes them so important?

What is the difference between a private and public CA?

Public vs Private CA - What’s the Difference?

PKI is based on trust - clients must be able to trust the root CA in order to build a chain of trust and accept a certificate. Not only is trust the key to PKI, but it is also the key to understanding public vs private certificate authorities.

EZCA The First ACME CA with ADCS Support

How to Enable ACME in Your Private PKI

With the move to the cloud, the days of manually managing SSL certificates are gone. Now, Most organizations are moving to the ACME protocol. An easy to use protocol that automatically renews your SSL certificates preventing costly outages while freeing your engineers time to focus on other critical tasks.

Certificate Transparency Logs Explained

What Are CT Logs?

As with many security tools, the origin of certificate transparency logs can be traced back to a cyberattack. The attack that can be credited with the creation of CT Logs is the 2011 DigiNotar attack. Now, Certificate Transparency logs enable organizations to have full visibility to all certificates issued for their domains.

Automatically rotate AAD Application certificates

How to Automatically Rotate AAD Application Certificates

With the exponential growth of online services, it has become impossible to manually rotate application certificates. Learn how you can automate your AAD Application certificate rotation with the new automatic Azure AD certificate rotation from EZCA.

Modernize ADCS with EZCA and Azure

How to Get ADCS Ready for the Cloud

ADCS has been the go to Certificate Authority for over two decades, while it is secure and reliable, it does not meet the cloud needs that organizations now have. EZCA enables you to modernize your existing ADCS PKI by extending it and adding modern protocols such as REST API, Azure Key Vault integration, Azure IoT integration, and ACME.

IoT devices are under attack

IoT is Under Attack!

The number of deployed IoT Devices is growing exponentially, and so are the cyber-attacks geared against IoT. The first large scale IoT device attack was Mirai botnet bringing down a large part of the internet. How did the attacker gain control over thousands of IoT devices? It was simply a hard coded credential that gained them access into the device's Operating System.