certreq snippets for ADCS

This is a collection certreq commands. It might be of use for someone administrating an ADCS instance. Issuing a leaf certificate certreq -submit -attrib "CertificateTemplate:CertTemplateName" .\signing_request.csr Issuing an issuing CA certificate This assumes that the root CA is not running in enterprise CA mode. certreq -attrib "CertificateTemplate:SubCA" -attrib "ValidityPeriod:1" -attrib"ValidityPeriodUnits:Years" .\SSL_CERT_R.csr The certreq tool will then output a RequestId. Look this up in certsrv.msc and approve it. Or not.

April 14, 2022

Encryption Adventures in SQL Server

When calling EncryptByKey() in SQL server you will get a bunch of bytes in return. This article from Microsoft describes the structure of these bytes. If you pay close attention, it is even possible to work with this format outside of SQL server. Both decrypting and encrypting is possible, given that you can get the encryption key available outside of SQL Server. Using a HSM with the EKM integration is one way to do this, as SQL server has no native integration for exporting and importing keys....

April 14, 2022