A small blog on PKI related things and other fun stuff!

WebSite: http://blog.trustmyroot.com

Description:

Not much blogging from my side the last 2 years, but now it's finally time for a new post.

One of my last posts was about YubiHSM2 and the ultra-small form factor that provides a very useful HSM for a reasonable price. And I've used a number of those at customers that needed to increase the protection of their CA's private keys. But all of those customers had their CA's on dedicated hardware. And all customers with CA's on virtual servers (VMware and Hyper-V) have just placed their CA private keys in the file system. But recently I've been in a couple of projects that needed HSM's but were on VMware. And network HSM's were out of budget so to say. But according to Yubico the YubiHSM should work fine in a virtual environment. So we installed a CA with a YubiHSM2 and it simply did not work. The connector service hung every now and then when accessing the HSM. We managed to install a CA but when enrolling certificates the service hung. And talking to Yubico's excellent, but sometimes a little slow support (it's free so no complaints, the paid support is quick as..), they told me it was a known issue. And they asked me to open a support case with VMware and promised to help out. But that was not an option in that project due to security reasons.

So I decided to try another approach. I looked into network-2-USB-devices. And I found the Silex DS-510. They stated the following on their homepage: "The Silex DS-510 is designed to easily connect and share USB devices over a network. Printers, Scanners, Disk Drives, Card Readers, or virtually any other USB device can be now be enabled with network capability." I asked Yubico support and they came back and said: "Unfortunately this kind of device will not work for what you are trying to accomplish." But since I had already ordered one (they are about 150$) I decided to have a go. And it worked perfectly! And the thing is: It is really easy to use!

Basically connect the Silex DS-510 to the network, install the driver on the dedicated server, connect your YubiHSM to the DS-510 and it will show up in the system like any other USB-device. I've tried it both on VMware and Hyper-V and it works perfectly! Of course more testing is needed and you have to consider the security in this device. It is on my to do list. But so far so good! And the key-material is stored on the YubiHSM2 and communication between the HSM and CA over the network is protected. I think I have convinced Yubico to test the device as well so they can recommend it from their side as well. I'll update this post when I get more info.

At the end of the day I really have to recommend this solution. The YubiHSM2 is excellent and in combination with the Silex DS-510 we got a winner for Certificate Authorities in virtual environments!

Have you ever managed a Microsoft CA? Then you probably know about all the limitations in the tools for administration. For example, the problem with browsing and searching in the CA database? Or keeping track of certificates about to expire? Or just a simple thing as statistics over issued, revoked, failed/denied certs? And don't get me started about the manual enrollment options.

Well, a couple of weeks ago I was contacted by a company which develops an add-on software for MS CA. They asked if I could do a review of their product and provide feedback. And since I spend a lot of time in a hotel room I decided to help out.

The product is called CertHat and provides a web-service for MS CA. It consists of a Web application, a SQL database and a small agent installed on your CA servers.

My first impression is great! It provides a really nice web interface with a lot of nice features. For example, database search, statistics, notification of expiration for certs and a lot of other really nice stuff.

More information can be found on their web site: https://certhat.com/ There is a lot of info about the product. It also contains a full featured demo-site to test the product. And of course, contact info. Otherwise let me know and I'll do my best to help out with contacts.

And just for info: I don't get any form of payment for this blog post. I got a nice CertHat T-shirt for my testing and feedback, and that is all! I just really like the product and got a really good impression of the guys behind it. So please mention this blogpost if you decide to contact them.
