All news with #certificate management tag

🔐 AWS Private CA now supports the post-quantum digital signature algorithm ML-DSA (NIST FIPS 204), enabling organizations to create CAs and issue certificates designed to resist quantum attacks. The feature lets you test certificate issuance, identity verification, and code signing using ML-DSA, and supports CRLs and OCSP responders. Availability spans all commercial AWS Regions, AWS GovCloud (US), and China Regions to help teams begin transitioning PKI toward post-quantum cryptography.

🚨 The October 2025 Windows security update KB5066835, intended to move cryptography from CSP to KSP, is causing widespread enterprise disruption. Affected platforms — including Windows 10 (22H2), Windows 11 (23H2–25H2) and several Windows Server releases — report smartcard and certificate failures, USB mouse/keyboard loss in WinRE, IIS ERR_CONNECTION_RESET and WUSA installation errors. Microsoft published a registry workaround (DisableCapiOverrideForRSA=0) and an out‑of‑band update (KB5070773) for some issues, but urges caution and recommends thorough testing before broad deployment.

🔐 This post explains how to configure customer trust stores to accept public certificates issued through AWS Certificate Manager (ACM) and clarifies the role of Amazon Trust Services. It warns that ACM issues certificates via dynamically selected intermediates, so trusting only intermediates or pinning end-entity certificates can cause outages. The recommended action is to install five Amazon root CAs in your trust stores and to validate configuration across Windows, Amazon Linux, and Java environments.

🔐 AWS Managed Microsoft AD now supports certificate auto-enrollment for LDAPS and Smart Card authentication by integrating with AWS Private CA through the AWS Private CA Connector for AD. The integration automates issuance, renewal, and lifecycle management of domain controller certificates, removing the need to maintain CA infrastructure on Amazon EC2. This capability is available in all Regions offering the connector and can be configured via the console or API.

🔒 Cloudflare reported that Fina CA issued twelve unauthorized TLS certificates for the public DNS IP 1.1.1.1 between February 2024 and August 2025. All certificates have been revoked and Cloudflare found no evidence they were used maliciously, noting that successful impersonation would also require client trust in Fina and interception of traffic. The misissuance was detected via Certificate Transparency logs, and Cloudflare is improving alerts, monitoring, and triage to prevent similar lapses.

🔒 AWS Certificate Manager (ACM) now supports AWS PrivateLink, enabling access to ACM APIs from within an Amazon VPC without traversing the public internet. You can create interface endpoints to connect your VPC to ACM using the AWS Management Console, AWS CLI, or AWS CloudFormation. This private connectivity is available in all Regions where ACM and PrivateLink are supported, including AWS GovCloud (US) and China Regions, and helps meet compliance requirements by keeping API traffic inside the AWS network.