Module 13: Enterprise PKI Active Directory Certificate Services (AD CS)
Lesson 1: Certificate Authority
List improvements to Certificate Services
Monitor Active Directory Certificate Services using PKIView
Describe new Group Policy settings for Certificate Services
Describe the Microsoft Simple Certificate Enrollment Protocol
Describe the Online Certificate Status Protocol
Use Certificate Web Enrollment
Manageability:
Improved administrative user experience
Network Device Enrollment Service
Enabling delegated enrollment agent functionality
Certificate Authority
Enterprise PKI
• Enhanced credential life cycle management
• Enabling revocation across all applications
• Enhanced manageability and deployment of Certificate Services
• New certificate enrollment API and UI
Certificate Policy Settings
Central Certificate Setting Management
Computer Configuration\Windows Settings\Security Settings\Public Key Policies
Control Whether Users Make Peer Trust Decisions
Certificate Deployment
Microsoft Simple Certificate Enrollment Protocol
Generates One-Time Enrollment Passwords
Processes SCEP Enrollment Requests
Retrieves Pending Requests from certificate authority (CA)
Online Certificate Status Protocol
• Responder Features:
  – Support for multiple CAs
  – Supports caching
  – Supports NONCE and No-NONCE requests
• New Revocation Services:
  – New OCSP client in Windows Vista™
  – New OCSP Responder in Windows Server® 2008
  – Integrate OCSP stapling into Kerberos and SSL protocols
Certificate Web Enrollment
Provides Certificates for Non-Domain Users
Based on CertEnroll.dll
Creates “CertSrv” Web Site.