Issue Statement: You have disabled a specific version of TLS/SSL using following registry as mentioned in https://support.microsoft.com/en-in/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\<SSL/TLS version to disable>\Server When you run vulnerability scan in your environment, you still get disabled SSL/TLS version listed as enabled in the vulnerability report over a specific port (e.g. 4883) Action Plan: Capture following data: 1) Netstat […]

Problem Statement: How to change the signature algorithm on CA (Certification Authority) Server from RSASSA-PSS to RSA256SHA? Cause: You have legacy clients e.g. Windows XP, Window Server 2003 cannot validate the RSASSA-PSS signature and this behavior cannot be changed by installing any Service Packs as well. RSASSA-PSS signatures are supported on Vista and later operating systems only. […]

Problem Description: You have migrated your CA from SHA1 to SHA256. Now you are unable to generate request file when trying to renew your CA certificate using same / existing key pair. However, if you choose to go with new key pair you can successfully generate a request file.  Cause: KeySpec Value of the CA […]