Module 13: Enterprise PKI Active Directory Certificate Services (AD CS)

Upload: shanon-lester

Post on 18-Jan-2016


Page 1: Module 13: Enterprise PKI Active Directory Certificate Services (AD CS)


Page 2

Lesson 1: Certificate Authority
• List improvements to Certificate Services
• Monitor Active Directory Certificate Services using PKIView
• Describe new Group Policy settings for Certificate Services
• Describe the Microsoft Simple Certificate Enrollment Protocol
• Describe the Online Certificate Status Protocol
• Use Certificate Web Enrollment

Page 3

Manageability:
• Improved administrative user experience
• Network Device Enrollment Service
• Enabling delegated enrollment agent functionality

Certificate Authority

Page 4

Enterprise PKI
• Enhanced credential life cycle management
• Enabling revocation across all applications
• Enhanced manageability and deployment of Certificate Services
• New certificate enrollment API and UI

Page 5

Certificate Policy Settings
• Central Certificate Setting Management
• Computer Configuration\Windows Settings\Security Settings\Public Key Policies
• Control Whether Users Make Peer Trust Decisions
• Certificate Deployment

Page 6

Microsoft Simple Certificate Enrollment Protocol
• Generates One-Time Enrollment Passwords
• Processes SCEP Enrollment Requests
• Retrieves Pending Requests from certificate authority (CA)

Page 7

Online Certificate Status Protocol
• Responder Features:
  – Support for multiple CAs
  – Supports caching
  – Supports NONCE and No-NONCE requests
• New Revocation Services:
  – New OCSP client in Windows Vista™
  – New OCSP Responder in Windows Server® 2008
  – Integrate OCSP stapling into Kerberos and SSL protocols

Page 8

Certificate Web Enrollment
• Provides Certificates for Non-Domain Users
• Based on CertEnroll.dll
• Creates “CertSrv” Web Site.