Posts Tagged 'Security'

Clean up expired certificates from AD

Security MVP Vadims Podans just did a great post on using PowerShell to remove expired user certificates from Active Directory.

In a nutshell,

  • If your company is using certificates for user authentication or encryption, these expire every now and then,
  • Your Enterprise CA in that case appends new certificates to users’ userCertificate attribute, while leaving expired certs there as well,
  • Over time these increasingly clutter your AD, making administration more difficult and negatively affecting AD replication traffic.

Luckily, cleaning up expired certificates with PowerShell is extremely easy.

To do the clean-up for a specific user you can run this one-liner:

Get-QADUser username | Remove-QADCertificate -Valid:$false

To clean-up the entire domain, just do:

Get-QADUser | Remove-QADCertificate -Valid:$false

See Vadims' original post for details.
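As an added example (not from the post and not Quest's own code), the same clean-up done with the built-in ActiveDirectory module instead of the Quest cmdlets, with a report-only mode so you can see exactly which certificates would be dropped before deleting anything. It assumes the ActiveDirectory module is installed and the caller can write the userCertificate attribute; the function name and the sample account jdoe are placeholders.

```powershell
# Added example: audit, and optionally remove, expired certificates stored in a
# user's userCertificate attribute. Uses the ActiveDirectory module (Get-ADUser /
# Set-ADUser) rather than Get-QADUser / Remove-QADCertificate from the post.
Import-Module ActiveDirectory

function Remove-ExpiredUserCertificate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [switch]$Remove   # without this switch the function only reports
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties userCertificate
    $now  = Get-Date
    foreach ($raw in $user.userCertificate) {
        try {
            # each attribute value is the DER-encoded certificate as byte[]
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                        -ArgumentList (,[byte[]]$raw)
        } catch {
            Write-Warning "$SamAccountName: skipping a value that does not parse as X.509"
            continue
        }
        $expired = $cert.NotAfter -lt $now
        # one report line per certificate, expired or not
        [pscustomobject]@{
            User       = $SamAccountName
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Expired    = $expired
        }
        if ($expired -and $Remove -and
            $PSCmdlet.ShouldProcess("$SamAccountName / $($cert.Thumbprint)", "Remove expired certificate")) {
            # -Remove matches on the exact byte[] value, so only this certificate is dropped;
            # removing it from AD does not revoke it, it only unclutters the attribute
            Set-ADUser -Identity $user -Remove @{ userCertificate = [byte[]]$raw }
        }
    }
}

# 1. report only          2. dry run of the deletion          3. the real thing
# Remove-ExpiredUserCertificate -SamAccountName jdoe
# Remove-ExpiredUserCertificate -SamAccountName jdoe -Remove -WhatIf
# Remove-ExpiredUserCertificate -SamAccountName jdoe -Remove
```

For the whole domain, pipe `Get-ADUser -Filter * -Properties userCertificate | Where-Object { $_.userCertificate }` into a loop over `SamAccountName`, and keep the report-only pass first so the deletion list can be reviewed.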

Read more about PKI management with PowerShell here.

PKI management with PowerShell

"Guide for Using Quest AD-PKI cmdlets: Using PowerShell to manage your security certificates", the complete guide for security certificate management with AD cmdlets 1.4, got recently published here and is a must-read if you want to automate your public key infrastructure (PKI).

PKI allows security administrators to uniquely identify and trust hardware devices by using digital certificates. This technique is one of the most secure access strategies, but can also be complicated to set up and manage. This guide reviews the security concepts surrounding digital certificate management and details how the AD-PKI cmdlets can be used with Active Directory to simplify PKI management.

Here’s the table of content from the guide:

  • Understanding Digital Certificates
    • Cryptography Fundamentals
      • Symmetric Encryption
      • Asymmetric Encryption
      • Best Practices for Symmetric and Asymmetric Encryption
  • Types of Certificates
    • X509 Certificate Version 1
    • X509 Certificate Version 2
    • X509 Certificate Version 3
      • Common Certificate Extensions
  • Certificate Revocation List
    • X509 Certificate Revocation List Version 1
    • X509 Certificate Revocation List Version 2
      • Common CRL Extensions
  • Certificate Stores and Containers
    • Local Certificate Stores
    • Active Directory Certificate Containers
  • Certificate cmdlet Descriptions
  • Object Structures of Certificate Stores, Certificates, and CRLs
    • Certificate Store
    • Certificate
    • Certificate Revocation List (CRL)
  • Using Quest AD PKI-related cmdlets
    • Working with Certificate Stores
      • Explore Certificate Store
      • Create Certificate Store Container
      • Delete Certificate Store Container
    • Adding Certificates to a Certificate Store
      • Certificate File Types
      • Import a Single Certificate
      • Import a Pkcs7 Certificate Container
      • Import a Serialized Store
      • Import a Pkcs12 Certificate with a Private Key
      • Add Imported Certificates to a Store
      • Add an Imported Certificate to a User Account
      • Advanced Techniques
    • Exporting Certificates from a Certificate Store
      • Simple Certificate Export
      • Export a Certificate with a Private Key
      • Export Multiple Certificates
  • Working with Certificate Revocation Lists (CRLs)
    • Add CRLs to a Certificate Store
    • Export CRLs from a Certificate Store
    • Remove a CRL from a Certificate Store
  • Manage Active Directory PKI-related Containers
    • Publish a Certificate to Active Directory Containers
    • Remove a Certificate from Active Directory Containers
    • Publish CRLs to Active Directory Containers
    • Remove CRLs from Active Directory

Download the ebook “Guide for Using Quest AD-PKI cmdlets: Using PowerShell to manage your security certificates” and get the most out of your PKI environment.

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my former employer - Quest Software, or my current employer - Jelastic or anyone else for that matter. All trademarks acknowledged.

© 2007-2013 Dmitry Sotnikov