Knowledgebase - Securetron | ADCS | MSCA

Microsoft Is Removing Trust for Cross‑Signed Kernel Drivers and here is How to Validate

Posted in News.

Windows | News Kernel Drivers | WHCP Microsoft Is Removing Trust for Cross-Signed Kernel Drivers Microsoft is closing one of Windows’ longest-standing security gaps. Beginning with the April 2026 Windows Update, Windows will no longer trust kernel drivers signed under the legacy Cross-Signed Driver Program. Attackers have abused these drivers for years to load malicious or vulnerable components directly into the kernel. This change affects Windows 11, Windows Server 2025, and all future releases. 🔐 Why Microsoft Is Making This Change Cross-signed drivers were originally a convenience...

bios, boot, drivers, IoT, kernel, OT, secure boot, SeSecureBoot, uefi, WHCP

Windows Secure Boot Certificate Update

Posted in News.

ADCS | Compliance SaaS | Enterprise | Community Edition How to update Windows Secure Boot Certificate About Secure Boot Secure Boot enforces a chain of trust by checking signatures against certificates stored in firmware (DB/KEK/PK). The 2011 Microsoft UEFI CA certificates begin expiring in June 2026; systems that do not receive the replacement certificates will enter a degraded security state and may lose future boot‑time protections What Microsoft is doing and timeline Microsoft published guidance and began a phased rollout of...

bios, boot, secure boot, SeSecureBoot, uefi

Eliminating Certificate Risk: How Azure Key Vault and Securetron PKI Trust Manager Work Together

Posted in Knowledgebase, News. No Comments on Eliminating Certificate Risk: How Azure Key Vault and Securetron PKI Trust Manager Work Together

Azure | Key Vault | AKV SaaS | Enterprise | Community Edition 🔐 Why Managing Certificates in Azure Key Vault Is Essential And How Securetron PKI Trust Manager Elevates That Security Digital certificates sit at the heart of modern security. They authenticate workloads, encrypt data in transit, and establish trust between applications, devices, and users. As organizations scale their cloud footprint, the number of certificates they rely on grows rapidly and so does the complexity of managing them. This is where Azure Key Vault becomes indispensable. And when combined with Securetron PKI...

Active Directory Certificate Services, admin group, AKV, azure, Azure Key Vault, CBA, cbom, certificate, certificate based authentication, certificate bill of material, Certificate Lifecycle Management, Certificate Management System, clm, containers, discovery, docker, entra-id, free, handala, Intune, iran, Linux, MFA, notification, phishing resistant, PKI, remote wipe, striker, stryker, TLS

Phishing-Resistant Authentication Protection: A Step-by-Step Guide to Implementing Certificate-Based Authentication in Entra-ID

Posted in Knowledgebase, Guides, MFA. No Comments on Phishing-Resistant Authentication Protection: A Step-by-Step Guide to Implementing Certificate-Based Authentication in Entra-ID

Security | MFA | CBA SaaS | Enterprise | Community Edition Phishing-Resistant Authentication Protection: A Step-by-Step Guide to Implementing Certificate-Based Authentication in Entra-ID Certificate-based authentication (CBA) represents a significant upgrade from traditional password-based logins or traditional TOTP/OTP MFA, offering phishing-resistant and passwordless access to Microsoft Entra ID (formerly Azure AD), as well as protecting critical assets and services. This article provides a comprehensive guide on implementing CBA for both end-users (user authentication)...

Active Directory Certificate Services, admin group, CBA, cbom, certificate, certificate based authentication, certificate bill of material, Certificate Lifecycle Management, Certificate Management System, clm, containers, discovery, docker, entra-id, free, handala, Intune, iran, Linux, MFA, notification, phishing resistant, PKI, remote wipe, striker, stryker, TLS

Integrate Intune with PKI Trust Manager to Issue Certificates to Users, Devices, and Servers

Posted in Guides, Knowledgebase. No Comments on Integrate Intune with PKI Trust Manager to Issue Certificates to Users, Devices, and Servers

ADCS | Intune SaaS | Enterprise | Community Edition Integrate Intune with PKI Trust Manager to issue Certificates This tutorial guides you through fully integrating PKI Trust Manager and Intune to issue certificates to users or devices. The PKI Trust Manager’s Intune Integration service should be used instead of Microsoft Network Device Enrollment Service. You will learn how to navigate the interface and configure necessary certificate templates for successful setup. 1. Introduction Let us begin at the ISSUING Certification Authority that has been previously integrated with...

Active Directory Certificate Services, azure, certificate, Certificate Lifecycle Management, Certificate Management System, clm, Cloud PKI, containers, docker, Hybrid, Intune, Linux, M365, MFA, PKI, TLS

How to build Certificate Bill of Material (CBOM)

Posted in Guides, Knowledgebase. No Comments on How to build Certificate Bill of Material (CBOM)

Discovery | Notification SaaS | Enterprise | Community Edition What is CBOM – Certificate Bill of Materials CBOM stands for Certificate Bill of Materials. It is a concept borrowed from the software industry’s SBOM (Software Bill of Materials) and applies its core principle to the complex ecosystem of digital certificates and cryptographic assets within an organization. Core Definition A CBOM is a formal, machine-readable inventory that details all the digital certificates (TLS/SSL, code signing, S/MIME, client authentication, etc.), cryptographic keys, and sometimes related...

Active Directory Certificate Services, cbom, certificate, certificate bill of material, Certificate Lifecycle Management, Certificate Management System, clm, containers, discovery, docker, free, Linux, MFA, notification, PKI, TLS

Enable SCEP API Interface on PKI Trust Manager

Posted in Guides, Knowledgebase. No Comments on Enable SCEP API Interface on PKI Trust Manager

ADCS | Compliance SaaS | Enterprise | Community Edition How to Enable SCEP Service in PKI Trust Manager This tutorial guides you through enabling the SCEP Service within the PKI Trust Manager. The PKI Trust Manager SCEP service should be used instead of Microsoft Network Device Enrollment Service. You will learn how to navigate the interface and configure necessary certificate templates for successful setup. Prerequisites How to Publish a Certificate Template in PKI Trust Manager How to Deploy Microsoft CA / AD CS Proxy Gateway How to Deploy CertAPI Container on Azure How to Deploy...

Active Directory Certificate Services, certificate, Certificate Lifecycle Management, Certificate Management System, clm, containers, docker, Linux, MFA, PKI, TLS

How to Audit Microsoft Certification Authority (ADCS) using PKI Trust Auditor

Posted in Guides, Knowledgebase, PKI-Trust-Auditor. No Comments on How to Audit Microsoft Certification Authority (ADCS) using PKI Trust Auditor

ADCS | Compliance SaaS | Enterprise | Community Edition How to Audit Active Directory Certificate Authority (ADCS) / Microsoft CA using the PKI Trust Auditor This guide explains how to audit an Active Directory Certificate Authority using PKI Trust Auditor. You will learn the step-by-step process to perform a comprehensive audit efficiently. 1. Prerequisites To begin, You will need to have these steps performed: 1. Download the PKI Trust Auditor from securetron.net for Free. 2. User account that is a Domain Admin or an Enterprise Admin. For specific permissions refer to the...

Active Directory Certificate Services, ADCS, audit, certificate, Certificate Lifecycle Management, Certificate Management System, clm, containers, docker, Linux, MFA, PKI, PKI Trust Auditor, TLS

Deploy PKI Trust Manager using Docker

Posted in Guides, Knowledgebase. No Comments on Deploy PKI Trust Manager using Docker

Guide | PTM SaaS | Enterprise | Community Edition How to Deploy PKI Trust Manager using Docker This tutorial guides you through deploying the PKI Trust Manager on Docker. You will complete all necessary steps to set up and verify the deployment successfully. 1. Introduction Let us begin by accessing a linux server terminal to begin the deployment process. In our demo we are using Ubuntu. 2. Create Directory First, create a new directory called securetron. This directory will be used to download the necessary files required to run the PKI Trust Manager application 3. Enter...

Active Directory Certificate Services, certificate, Certificate Lifecycle Management, Certificate Management System, clm, containers, docker, Linux, MFA, PKI, TLS

Issue Certificate using PKI Trust Manager Web Interface

Posted in Knowledgebase, Guides. No Comments on Issue Certificate using PKI Trust Manager Web Interface

Admin Guide | PTM SaaS | Enterprise | Community Edition Issue Certificate using PKI Trust Manager Web Interface This tutorial guides you through issuing a certificate using the PKI Trust Manager. You will learn how to navigate the interface and complete all necessary steps to successfully issue a certificate. 1. Select Certificate Admin The certificates can be issued and managed via various channels in PKI Trust Manager including automation, API interfaces and integrations with services. In this video we will walkthrough on how to issue a certificate manually 2....

ADCS, Admin Guide, certificate issuance, Certificate Template, certlm.msc, certmgr, guide, MSCA, pki trust manager