New Checks: Active Directory Certificate Services ESC1-15

What is a one sentence summary of your feature request?

Implement and update checks for Active Directory Certificate Services ESC1-15

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

Active Directory Certificate Services is installed in many organizations and PingCastle would benefit from enhanced Active Directory Certificate Services checks.
PingCastle does cover certain checks (A-CertTemp checks) but doesn’t reference the specific ESC number and some of the advised solutions and information could have more information.

How do you currently solve the challenges you have by not having this feature?

I have to use other tools to check for ADCS issues right now.

Hi Rej,
Thanks for your feedback. This is absolutely something we are working on.

The next release PingCastle 3.4 will have some updated guidance and rewording for ESC1 (A-TempCustomSubject) along with introducing a new optional privileged mode to help iron out some false positives where PingCastle will get some extra data from the CA.

We will then look to update all the other certificate services checks to ensure they are accurate and then start adding new checks that PingCastle does not yet cover.

Cheers!