First published on TECHNET on Dec 12, 2018
Hello all, Tochi Ezebube here again from the Active Directory Certificate Services engineering team.
Some time back, we released support for the precertificate flow of Certificate Transparency v1 (RFC 6962) in Windows Server 2016 (https://support.microsoft.com/en-us/help/4093260/introduction-of-ad-cs-certificate-transparency). For this to work end-to-end, the component that submits the request to the ADCS CA must submit the returned precertificate to a suitable set of Certificate Transparency Logs using the RFC 6962 protocol, aggregate the results as a SignedCertificateTimestampList, and return it to the ADCS CA for X.509 issuance.
Since release, we’ve received a number of requests for sample code to speak the RFC 6962 protocol between the CA and the CT Logs. Here is an unofficial sample to get you started with precertificate submission. It is released as-is with the usual caveats.
Sample code: https://msdnshared.blob.core.windows.net/media/2018/12/ADCS-CT-E2E-Sample.zip
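The log-facing half of the flow described above, as an added example that is not taken from the linked sample or from ADCS: it builds the RFC 6962 add-pre-chain request body and packs each log's JSON reply into a TLS-encoded SignedCertificateTimestampList. The log replies are constructed sample data, the function names are this example's own, and the code neither performs the HTTP POST nor verifies the logs' signatures.

```python
import base64
import json
import struct

def add_pre_chain_body(chain_der):
    """JSON body for POST <log>/ct/v1/add-pre-chain (RFC 6962 section 4.2).
    chain_der[0] is the DER precertificate, followed by its issuing chain."""
    return json.dumps({"chain": [base64.b64encode(c).decode("ascii") for c in chain_der]})

def serialize_sct(resp):
    """Pack one log's JSON reply into the TLS-encoded SCT struct (section 3.2)."""
    if resp["sct_version"] != 0:
        raise ValueError("RFC 6962 only defines SCT v1 (version byte 0)")
    log_id = base64.b64decode(resp["id"])
    if len(log_id) != 32:
        raise ValueError("log id must be a 32-byte SHA-256 key hash")
    extensions = base64.b64decode(resp["extensions"])
    signature = base64.b64decode(resp["signature"])  # already a digitally-signed struct
    return (struct.pack(">B", 0) + log_id + struct.pack(">Q", resp["timestamp"])
            + struct.pack(">H", len(extensions)) + extensions + signature)

def build_sct_list(responses):
    """Aggregate per-log SCTs into a SignedCertificateTimestampList (section 3.3)."""
    if not responses:
        raise ValueError("an SCT list needs at least one SCT")
    body = b""
    for resp in responses:
        sct = serialize_sct(resp)
        body += struct.pack(">H", len(sct)) + sct  # each SCT carries a 2-byte length
    if len(body) > 0xFFFF:
        raise ValueError("SCT list exceeds the 2^16-1 byte limit")
    return struct.pack(">H", len(body)) + body

def constructed_response(seed, timestamp_ms):
    """Constructed stand-in for a log's reply; the signature bytes are not valid."""
    fake_sig = bytes([4, 3]) + struct.pack(">H", 8) + bytes([seed]) * 8  # sha256, ecdsa
    return {"sct_version": 0,
            "id": base64.b64encode(bytes([seed]) * 32).decode("ascii"),
            "timestamp": timestamp_ms,
            "extensions": "",
            "signature": base64.b64encode(fake_sig).decode("ascii")}

SAMPLE_RESPONSES = [constructed_response(0xA1, 1544572800000),
                    constructed_response(0xB2, 1544572800123)]

if __name__ == "__main__":
    print(add_pre_chain_body([b"precert-der", b"issuer-der"]))
    print(build_sct_list(SAMPLE_RESPONSES).hex())
```

A production submitter should verify each SCT signature against the log's known public key before aggregating it.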
Sample.sln code breakdown: