Tag: How-to (Page 1 of 2)

How to: Build a PKI with PowerShell – Part 2 – IIS WebServer

January 3, 2026 / Michael Waterman / 0 Comments

Other parts in this series

How to: Build a PKI with PowerShell – Part 1 – Preparation

How to: Build a PKI with PowerShell – Part 3 – Offline Root CA

How to: Build a PKI with PowerShell – Part 4 – Enterprise CA

In the previous part, I’ve covered the design choices and preparation work needed before touching any infrastructure. In this part, I’ll finally start building something: the PKI Web Server.

I know, I know, not the most exciting exercise, but stay tuned, perhaps I’ll have some former Microsoft Security engineer tips here! However boring, this server plays a crucial role in the overall trust model. It hosts:

The Certificate Revocation List (CRL)
The Certificate Distribution Point (CDP)
The Certification Practice Statement (CPS)

In short: it becomes the “public-facing” component of your PKI.

How to: Build a PKI with PowerShell – Part 1 – Preparation

December 31, 2025 / Michael Waterman / 0 Comments

Other parts in this series

How to: Build a PKI with PowerShell – Part 2 – IIS WebServer

How to: Build a PKI with PowerShell – Part 3 – Offline Root CA

How to: Build a PKI with PowerShell – Part 4 – Enterprise CA

Over the last couple of years, I’ve written a lot about Public Key Infrastructure (PKI). Not the “click next, next, finish” type of posts, but the deeper stuff, why you’d pick one design over another, and what trade-offs you’re really making.

Even so, I still see people struggling with PKI. Sometimes even setting up a relatively simple environment turns into a painful mix of conflicting guides, half-implemented best practices, and “set it and forget it” assumptions. The reality is: PKI quietly underpins almost everything we trust in modern IT environments, but it’s often poorly documented, inconsistently implemented, and rarely treated like the living service it actually is.

PKI – Part 5: Creating Unique Object Identifiers (OIDs)

May 10, 2025 / Michael Waterman / 2 Comments

Introduction: Why OIDs matter in PKI

When building or managing a Public Key Infrastructure (PKI), precision and uniqueness are not optional, they’re very essential. Don’t be one of many, be your unique self! One key element that reflects this is the Object Identifier (OID). OIDs are globally unique values used to identify everything from certificate policies and application purposes to custom certificate extensions and cryptographic algorithms.

Step-by-Step Guide to Windows Event Forwarding and NTLMv1 Monitoring

June 29, 2024 / Michael Waterman / 22 Comments

Did you know that Windows has had a built-in capability to function as a SIEM (Security Information and Event Management) system for years, provided you stay within the Windows ecosystem? This powerful feature, known as Windows Event Forwarding (WEF), allows you to centralize event logs from multiple Windows machines, giving you a comprehensive view of your network’s activities.

Mastering Active Directory Dynamic DNS maintenance

April 28, 2024 / Michael Waterman / 5 Comments

A long long time ago, in a galaxy far far……. wait, that’s a different universe! But today I do want to talk about something very ancient, R FC2136 that was released in April 1997. This specific RFC describes the process of “Dynamic Updates in the Domain Name System (DNS UPDATE)“.

Secure Identity Integration: The Roadmap with Entra Connect

December 28, 2023 / Michael Waterman / 1 Comment

Have you ever wondered how to seamlessly connect your on-premises Active Directory with Entra ID? Well, you’re in the right place because today, I’m diving into Entra Connect, formerly known as Azure AD Connect. But hold on tight, because we’re not just talking about the basics; we’re here to make sure you install and configure it like a security pro!

Advanced QEMU/KVM Networking on Ubuntu

December 12, 2023 / Michael Waterman / 0 Comments

Transitioning between Operating Systems can be a challenge. Many aspects of what you’re used to work differently and you should expect a learning curve.

Well, that was a weird intro for a blog post that has Linux networking in the title! Actually I’m saying goodby to Windows as my primary system…. yes you read that correctly. It’s not that I don’t like the system anymore, it’s the direction Microsoft is taking with AI and the integration into the OS that made me take this decision.

PKI – Part 1: Introduction to Public Key Infrastructure

August 30, 2023 / Michael Waterman / 0 Comments

In the intricate realm of modern digital communication, trust and security form the bedrock upon which data integrity, confidentiality, and authentication rest. Public Key Infrastructure, commonly referred to as PKI, stands as an elegant solution to the complex challenge of establishing and maintaining this foundation of trust in a digital age.

Navigating PowerShell Remoting Challenges with PowerShell 7

August 27, 2023 / Michael Waterman / 0 Comments

In the world of system administration and automation, PowerShell has been a trusted companion for managing tasks efficiently across a variety of environments. With the introduction of PowerShell Core 7, the capabilities of PowerShell expanded further by becoming cross-platform, allowing administrators to manage systems regardless of their operating system. Recently, I embarked on a journey to explore the capabilities of PowerShell Core 7’s remoting features, but as often happens in the world of technology, I encountered an unexpected challenge.

Upgrade MBR to GPT to enhance system security with UEFI

July 6, 2023 / Michael Waterman / 0 Comments

In the world of computing, the way we store and manage data is constantly evolving. One such significant change is the transition from the traditional Master Boot Record (MBR) system to the more modern GUID Partition Table (GPT) system. While both serve the critical function of telling our systems where data is stored and how to boot, GPT brings a host of advantages over its predecessor, from supporting larger disk sizes to improved data corruption handling.

Tag: How-to (Page 1 of 2)

How to: Build a PKI with PowerShell – Part 2 – IIS WebServer

Other parts in this series

How to: Build a PKI with PowerShell – Part 1 – Preparation

Other parts in this series

PKI – Part 5: Creating Unique Object Identifiers (OIDs)

Introduction: Why OIDs matter in PKI

Step-by-Step Guide to Windows Event Forwarding and NTLMv1 Monitoring

Mastering Active Directory Dynamic DNS maintenance

Secure Identity Integration: The Roadmap with Entra Connect

Advanced QEMU/KVM Networking on Ubuntu

PKI – Part 1: Introduction to Public Key Infrastructure

Navigating PowerShell Remoting Challenges with PowerShell 7

Upgrade MBR to GPT to enhance system security with UEFI

Recent Posts

Recent Comments