Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Help me understand this PKI business

  • Please log in to reply
No replies to this topic

#1 Demburglar


  • Members
  • 1 posts
  • Local time:11:57 PM

Posted 25 January 2012 - 07:32 PM

I was wondering if anybody could help me understand this text and translate it into less technical speak.

Windows XP PKI supports cross-certification and Bridge CA scenarios. User-type certificates can be auto-enrolled and renewed.[114] Certificate requests for issuing new certificates or renewing expired ones can be pending until administrator approval or until issued by the Certificate Authority and once approved, they install automatically. Root CA certificates now also auto-update via Microsoft Update. Windows XP also supports delta CRLs (CRLs whose status has changed since the last full base compiled CRL) and base64-encoded CRLs for revocation checking and will use them by default. Windows XP can enroll version 2 certificate templates which have many configurable attributes.

Smart cards can be used to login to terminal server sessions (when connecting to a Windows Server 2003 or higher Terminal Server), with CAPICOM or with system tools such as net.exe and runas.exe. There are also numerous improvements to certificate status checking, chain building and revocation checking, path validation and discovery.[115] Windows XP Service Pack 3 adds SHA-2 hashing algorithms (SHA256, SHA384 and SHA512) to the CryptoAPI for validating X.509 certificates.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users