Alle Postings (158)

2018

Physik und Software-Stacks

Das erste Suchergebnis

Reverse Engineering

2017

Best of 2017

Fernprojekte

Computer, Informatik und IT

Physik - die Ernte!

Subversiv? Physik?

Meine Philosophie!

Scripts erzeugen Scripts

2016

Theoretische Physik als Hobby

Selbstbezügliche Poesie

Stille Website

'Machst Du noch PKI?'

Meine Philosophie (?)

Wie wirkt Physik?

2015 ist nicht viel passiert

2015

Unaussprechliches

Selbst-Poesie

Letztes Posting...

Web-Projekt: Status-Update

Wir unterbrechen ...

Unsere Photovoltaik-Anlage

Soziale Schulden

PKI-Status-Update

Leben und Arbeit

IT-Postings

Alte Weisheiten - neue Popularität

Definition: 'Subversiv'

2014 in Büchern

Zu den Wurzeln von radices

Physik-Postings

Physiker oder Ingenieur?

Ing.-Postings

Wirkliche Expertin

2014

2014 - ein gutes Jahr

Fast 20 Jahre danach

Ingenieurs-Links

Jahresansprache

Was ist Kunst?

Bio

PKI FAQ

Worte und Google

Zertifikate und Wärmepumpen

Technet-Postings

WOP!

Leben, das Universum und überhaupt alles.

Oh-oh, kein Posting im März

Radices = Wurzeln = Roots

PKI-Probleme

PKI Ressourcen

PKI-Probleme

Arbeit

Schreiben

Was ist PKI?

Ich stehe auf den Schultern subversiver Giganten

PKI - Netzwerke - Smart Grid

Suchbegriffspoesie

Quantenfeldtheorie

Plattform für Poeten

2013 in Büchern

2013

Nutzbar machen, erklären, beurteilen

Lebensform Elke Stangl

Technologie

Was fasziniert mich an der Physik?

Naturphilosophische Praxis?

elkement and diese Site

Sind Netzwerke sozial?

Retrospektion

Newsletter-Wiederbelebung

Wilhelm Macke: Internet-Spuren

2012

Gratis, umsonst und nutzlos

Subversiver Jahresbericht

Was ist Energie?

Prof. Wilhelm Macke

Mein Leben ist ein Klischee(?)

Netzwerke (Kategorie)

Wissenschaft - Kindheitsmelodie

Freude am Klischeé

Möchtegern-Netizen

Der tägliche Untergrund

Parawissenschaften - Resümee

Profil

Parawissenschaft - Bücher

Das Element ist zurück!

Offline

PKI: Zwischenstand

2011

Warteschleife

Naturwissenschaft - Arbeitswelt

Nicht originell

Das ganze Internet...

Experte

Kurz vor einem Neubeginn

Die rote Pille

Erkenntnis

2008

Netizen (2)

2007

Das Ende

Früher einmal...

2006

Netzwerktheorie

2005

Tsunami-Physik

Nullpunktsenergie

Nr.9 - Krypton

radices.net - Internet

Hier ist der Ausgang

Element-Art

Skeptizismus und Esoterik

Der totale Spielraum

Nr.8 - Brave New Online World

Nr.7 - Wer ist DAS Element?

Moderner Networker

Liebe zur Weisheit

EPSI-Kult

EPSI

Nr.6 - The Art of Networking

Unterteilung der Physik

Ich bin ein Dilettant!

Bewusstseinserweiternd

Was ist 'subversiv'?

(Para-)Wissenschaften global

Epigonen

2004

Nr.4,5 - Welcome

Beruf, Berufung, Interesse

Nr.4 - Selbstfindung

Subversiver Römer für die Sammlung

Existenz

Parawissenschaften

Nr. 3: Internet-Apocalypse

Skeptizismus

Meta-Gefasel

Keine Ahnung von Kunst

Ur-Fragen

Umsonst

Dejavu

Bewegungsgleichung

Bildungsideal

Physik repräsentiert...

Nr. 2: Primzahl

Nerd, Geek, Techie

Nr. 1 von mindestens 42

Subversiver Newsletter

Best of Log

Netizen

Magie der Deadlines.

2003

Anstelle eines Lebenslaufes

Was ist Wissenschaft?

Captain Kirk's Lieblingsbefehl

Wissensmanagement

Keine Navigation

radices.net - Geschichte

Bücher: Meine Favoriten

2002

Elke war da

2000

Pinkes Raumschiff

1998

Worte

Goldene Talente

Lebensplanung oder Chaos

Wissenschaftliche (?) Laufbahn

1996

Rede zur Promotion

1987

Die 'heutige Jugend'

Postings in Technet-Foren

(elkement. Zuletzt geändert: 2015-04-01. Erstellt: 2014-07-29. Tags: IT, PKI, Kryptografie, Sicherheit, Diskussionen, Troubleshooting, Postings, X.509, Ressourcen, Listen. Englische Version.)

2014 war ich wieder aktiv in den Microsoft-Security- und -Infrastruktur-Foren. Ich habe diese Diskussionen als meine persönliche Wissensdatenbank genutzt.

Hier ist der Feed zu meinen letzten Aktivitäten!. Meine Mission hier scheint mit Ende 2014 beendet zu sein!

(Last changed: April 1, 2015. Added last threads I contributed to in December 2014.)

Insert some years during which I was just busy doing PKI but not contributing to the community. I try to compensate for that now!

  • [2009-07-16] What is PKI compatibility? It depends on what is compared: Certificates and their fields, key stores and access methods, request structure, protocols to enroll for certificates,...
  • [2009-07-16] Notification e-mails sent by the SMTP Exit module contain variables instead of values. Might be an issue of using the variables in a scripts versus running the commands interactively. In a script the % needs to be masked by another %.
  • [2009-07-16] Windows CA and redundancy: Does a second CA help? Templates are redundant in AD anyway. A second CA does not help as it uses a different key and cannot sign CRLs on behalf of a failed first CA automatically. For risk mitigation the CRL validity period should be configured for a few days or whatever is needed to detect and fix an issue in the worst case. Redundancy could be achieved with fail-over clustering.
  • [2008-11-09] Planning fail-over clustering for a CA, in particular how to migrate an existing non-clustered CA into the cluster. Clustering is only supported with HSMs(*). As for the names it can be done but the legacy of LDAP objects and HTTP URLs that contain the old machine name makes that rather messy. Suggestion: Use a new clustered CA setup from scratch with proper names and create a long-lived CRL for the existing CA before retiring it.
    (*) Learned in 2014 that this is not true (anymore?)
  • [2008-10-01] How to configure CRL URLs for offline CAs. It seems either a CRL has not been copied to the CRL server denoted in the CDP or the defaults have been used and the URL points to the Root CA itself. Brief outline of process.
  • [2008-09-23] Variables in CA configuration (starting with %) do not get replaced by their values. Turned out to be a copy and paste error as the lines have been copied to the command window directly.
  • [2008-09-19] Limit PKI usage to one domain - how to set permissions. The CA is a forest resource but permission for domain-specific groups can be set at the CA (Request Certificates right), or permissions on all templates could be limited to groups from this domain
  • [2008-09-18] Time zones and clock skew. Date formats in certificates are in Universal Time format including time zone information. There is only a clock skew of 10 minutes applied by default to avoid false not-yet-valid messages.
  • [2008-07-28] Checking and changing validity periods of CRLs as the default period of a week is too short for a typical Root CA. Overview on how to set the validity period in Properties of Revoked Certificates and - optionally - overlap by editing the registry.
  • [2008-07-28] Requirements for macro signing certificates. I suggest to time-stamp macros as otherwise (even if signed) signature would be considered invalid when the signer's certificate has been expired.
  • [2008-07-26] Certificate services simply fails to start after setup. Not clarified but another user indicated that in his certocm.log a permissions error was logged when he saw the same error - using the domain admin resolved it.
  • [2008-07-26] Sending certificate requests to an untrusted forest. Ideas: Automate the creation of requests and let a service user account from the CA forest fetch the requests, send them to the CA, and collect the certificates. Alternative: Simply use an AD user of the forest where the CA resides and use the certsrv web application to create keys and requests.
  • [2008-07-12] Autoenrollment issues - an XP client does not autoenroll through manual enrollment works and the event log says that Autoenrollment has been completed successfully. Potential root causes: 1) There is already a certificte of that type in the store and the setting Do not re-enroll if a duplicate certificate exists in AD has been set 2) Weird but known issue with credential roaming sometimes falsely archiving certificates.
  • [2008-07-01] Wild-card certificates - feasible but not recommended as there is a slight chance clients may not recognized the wild-card character.

Persönliche Website von Elke Stangl, Zagersdorf, Österreich, c/o punktwissen.
elkement [ät] subversiv [dot] at. Kontakt