December 2025 – Michael Waterman

Other parts in this series

Over the last couple of years, I’ve written a lot about Public Key Infrastructure (PKI). Not the “click next, next, finish” type of posts, but the deeper stuff, why you’d pick one design over another, and what trade-offs you’re really making.

Even so, I still see people struggling with PKI. Sometimes even setting up a relatively simple environment turns into a painful mix of conflicting guides, half-implemented best practices, and “set it and forget it” assumptions. The reality is: PKI quietly underpins almost everything we trust in modern IT environments, but it’s often poorly documented, inconsistently implemented, and rarely treated like the living service it actually is.

Update 26-12-2025: Uploaded new and improved PowerShell scripts to GitHub. Added Windows 11, Ubuntu Server & Ubuntu Desktop to the repository.

In June 2023, I wrote a blog about the principle of clean source. At its core, clean source is about knowing exactly what you are using as the foundation of your installations, and automating that process so the outcome is predictable and repeatable.

Back then, I relied on what we now have to call legacy tooling. While that approach still works, it was already showing its age. Tools like MDT have been deprecated for quite some time, and although community efforts try to keep them alive, it’s clear that this path is slowly coming to an end.

That realization pushed me to take a step back and ask a simple question: why not approach this from a DevOps mindset instead? As it turns out, that opened the door to some pretty cool possibilities.

Month: December 2025

How to: Build a PKI with PowerShell – Part 1 – Preparation

Other parts in this series

From ClickOps to DevOps, building secure Windows images with Packer on Proxmox

Recent Posts

Resources

Archives