Ramblings on IT and Security

Tag: Cryptography

Windows Server 2025 and Post-Quantum PKI

Once upon a time, certificates were issued, systems trusted each other, smartcards authenticated users, VPNs connected remotely, web servers showed reassuring padlocks, and somewhere in a forgotten virtual machine or dusty rack server, a CA happily kept signing certificates while everyone collectively agreed not to touch it unless absolutely necessary. And to be fair, in most cases, that worked surprisingly well. Until suddenly… it didn’t.

Over the last few years, PKI has been pushed far beyond what many environments originally designed it for. Certificate usage exploded. Identity became the new security perimeter. TLS is everywhere. Code signing became critical. Zero Trust architectures increased certificate dependency. And now, on top of all that, the industry is preparing for something that used to sound like science fiction:

Post-Quantum Cryptography. (Insert some dramatic music)

During the recent Windows Server 2025 Summit sessions, Microsoft shared a major update on their Post-Quantum roadmap for Active Directory Certificate Services (AD CS), including the introduction of ML-DSA support in Windows Server 2025 and the first practical steps toward quantum-resilient PKI.


PKI – Part 6: Demystifying the CAPolicy.inf file

Ever heard of the capolicy.inf file? It’s like a digital instruction manual for a Certificate Authority (CA) server. It pre-configures the CA and has a say in how its certificate is set up or renewed. In other words, it’s a behind-the-scenes helper that ensures everything involving the CA’s digital certificates is properly governed. In this blog post, I’ll break down what this file does and why it matters in plain and simple terms.


PKI – Part 4: Understanding Cryptographic Providers

Introduction

In the realm of Public Key Infrastructure (PKI), where the keys to digital security are exchanged, stored, and safeguarded, cryptographic providers play a pivotal role. These providers are the guardians of cryptographic keys, ensuring the integrity, confidentiality, and authenticity of digital communications. They are the invisible sentinels that underpin the very foundation of trust in the digital world.


The basics on Diffie-Hellman key exchange.

Do you want to know a secret? You probably do. The question is, would you like it if anyone else knew your secret as well? I am guessing not. That is why, on the Internet, we use encryption for the data that we send and receive, just to make sure that someone else is not listening in on our conversation. Encryption is not only used when directly communicating with each other; it is also used for something we call “integrity”, a.k.a. “I want to make sure that I get what the other end is sending without anyone modifying it in transit”. So, use encryption everywhere! Read on while we explore the basics of how data is securely transferred from one place to another using Diffie-Hellman key exchange.


© 2026 Michael Waterman
