Introduction
Active Directory Certificate Services (AD CS) provides a Public Key Infrastructure (PKI) that can be used to distribute certificates from a trusted source to enable the following:
- Secure data transmission to a known recipient through encryption
- Signing of code and documents that confirms who the sender is and that the data has not been tampered with in any way
PKI uses
- Control access to the network with 802.1x authentication
- Approve and authorize applications with Code Signing
- Protect user data with EFS
- Secure network traffic using IPSec
- Remote access via Virtual Private Network (VPN)
- Protect LDAP-based directory queries with Secure LDAP
- Implement two-factor authentication with Smart Cards
- Secure web traffic (HTTPS)
- Implement Secure Email (S/MIME)
- Mobile devices connecting to Exchange Server infrastructures
- Mutual authentication of Exchange Server components
Applications that may use certificates
- Active Directory
- Exchange
- IIS
- Internet Security & Acceleration Server
- Office Communications Server
- Outlook
- System Center Configuration Manager
- Windows Server Update Services
Hardware Security Module
A hardware security module (HSM) is a dedicated crypto processor that is specifically designed for the protection of the crypto key lifecycle. Hardware security modules act as trust anchors that protect the cryptographic infrastructure of organizations by securely managing, processing, and storing cryptographic keys inside a hardened, tamper-resistant device.
Terminology
- AD CS - Active Directory Certificate Services
- AIA - Authority Information Access
- CA - Certification Authority
- CDP - CRL Distribution Point
- CEP - Certificate Enrollment Policy
- CES - Certificate Enrollment Service
- CP - Certificate Policy
- CPS - Certificate Practice Statement
- CRL - Certificate Revocation List
- CSP - Cryptographic Service Provider
- DRA - Data Recovery Agent
- HSM - Hardware Security Module
- KRA - Key Recovery Agent
- KSP - Key Storage Provider
- OID - Object Identifier
- OCSP - Online Certificate Status Protocol
- PEN - Private Enterprise Number
- PKI - Public Key Infrastructure
- SCEP - Simple Certificate Enrollment Protocol
Links
- Active Directory Certificate Services
- Certification Authority Guidance (Server 2012)
- Active Directory Certificate Services Step-by-Step Guide
- Public Key Infrastructure Design Guidance
- Designing and Implementing a PKI
- Implementing PKI Using Microsoft Windows Server 2012 Certificate Services
- A Microsoft PKI Quick Guide
- Active Directory Certificate Services (AD CS) Public Key Infrastructure (PKI) Design Guide
- Design Considerations before Building a Two Tier PKI Infrastructure
- Designing a Public Key Infrastructure
- Windows PKI Documentation Reference and Library
- Set Up a Certification Authority by Using a Hardware Security Module
- Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure
- Windows PKI documentation reference
- Enterprise PKI with Windows Server 2012 R2 Active Directory Certificate Services
- Deploying Enterprise PKI on Windows Server 2012 R2