{"id":1011,"date":"2018-01-30T18:01:35","date_gmt":"2018-01-30T18:01:35","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=1011"},"modified":"2018-02-01T00:22:56","modified_gmt":"2018-02-01T00:22:56","slug":"active-directory-certificate-services","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=1011","title":{"rendered":"Active Directory Certificate Services"},"content":{"rendered":"<p>Lesson 3 of 6<\/p>\n<p><a href=\"https:\/\/mva.microsoft.com\/en-us\/training-courses\/understanding-active-directory-8233?l=TuKZjRJy_4204984382\" target=\"_blank\" rel=\"noopener\">https:\/\/mva.microsoft.com\/en-us\/training-courses\/understanding-active-directory-8233?l=TuKZjRJy_4204984382<\/a><\/p>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/2017\/12\/05\/active-directory-domain-services\/\">&lt; Lesson 2<\/a> | Lesson 4 &gt;<\/p>\n<h1>Main Menu<\/h1>\n<h1>Overview of Certificate Services<\/h1>\n<ul>\n<li>What is a Certificate Authority\n<ul>\n<li>A Certification Authority is an entity entrusted to issue certificates to:\n<ul>\n<li>Individuals\/Users<\/li>\n<li>Computers<\/li>\n<li>Organizations<\/li>\n<li>Network Devices<\/li>\n<li>Services<\/li>\n<\/ul>\n<\/li>\n<li>These certificates verify the identity and other attributes of the certificate subject to other entities.<\/li>\n<\/ul>\n<\/li>\n<li>How CA Hierarchies Work\n<ul>\n<li>CA Hierarchies include a root CA and one or more levels of subordinate CAs (optional)<\/li>\n<li>Reasons for deploying more than a single server CA hierarchy\n<ul>\n<li>Usage\n<ul>\n<li>secure emails, web servers, etc.<\/li>\n<\/ul>\n<\/li>\n<li>Organizational divisions<\/li>\n<li>Geographic divisions<\/li>\n<li>Load balancing<\/li>\n<li>High Availability<\/li>\n<li>Restrict administrative access\n<ul>\n<li>Allows very granular control<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Options for Implementing CAs\n<ul>\n<li>When implementing a CA solution, you can\n<ul>\n<li>Use an internal private 
CA\n<ul>\n<li>Internal CAs are less expensive and provide more administrative options, but the issued certificates are not trusted by external clients.<\/li>\n<\/ul>\n<\/li>\n<li>Use an external public CA\n<ul>\n<li>Managed by a 3rd party.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Options for Integrating AD CS and AD DS\n<ul>\n<li><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/01\/ofiadcs.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1016\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/01\/ofiadcs.png\" alt=\"\" width=\"565\" height=\"341\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/01\/ofiadcs.png 565w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/01\/ofiadcs-300x181.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/01\/ofiadcs-150x91.png 150w\" sizes=\"auto, (max-width: 565px) 100vw, 565px\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<li>Demonstration: Tools for Managing AD CS\n<ul>\n<li>This demonstration shows you how to install CS, but NOT how to configure it, making it impossible to follow along after the installation process completes.\u00a0 LAME!<\/li>\n<li>Certification Authority Tool\n<ul>\n<li>Revoked Certs<\/li>\n<li>Issued Certs<\/li>\n<li>Pending requests<\/li>\n<li>Failed requests<\/li>\n<li>Cert. templates\n<ul>\n<li>Right click &gt; Manage = Cert. Template Console<\/li>\n<li>From here, you can modify the Templates for the certs that <strong>can be<\/strong> issued by the Cert. 
Authority.\n<ul>\n<li>You do not use this page to determine which certs to issue.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Online Responder Configuration\n<ul>\n<li>Alternative to a certificate revocation list.<\/li>\n<\/ul>\n<\/li>\n<li>Enterprise PKI\n<ul>\n<li>Provides information about your certification authority.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h1>Understanding Active Directory Certificate Services Certificates<\/h1>\n<ul>\n<li>What are Digital Certificates?\n<ul>\n<li>A certificate is a digital file with 2 parts\n<ul>\n<li>Basic information about the Certificate and the Holder\n<ul>\n<li>Name<\/li>\n<li>Location<\/li>\n<li>Organizational Information<\/li>\n<\/ul>\n<\/li>\n<li>Key (might be public or private)\n<ul>\n<li>Public keys are distributed to all clients that request them.<\/li>\n<li>Private keys are stored only on the computer from which they were requested.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>How Public Keys and Private Keys Work<\/li>\n<li>Demonstration: Using Certificates to Secure Data<\/li>\n<li>What are Certificate Templates?\n<ul>\n<li>Define what certificates can be issued by the CAs<\/li>\n<li>Define certificates used for various purposes<\/li>\n<li>Define which security principals have permissions to read, enroll and configure the certificate template.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h1>Implementing Certificate Enrollment and Revocation<\/h1>\n<ul>\n<li>Options for Implementing Certificate Enrollment\n<ul>\n<li>What methods are used for certificate enrollment?\n<ul>\n<li>Web Enrollment<\/li>\n<li>Manual\/Offline Enrollment<\/li>\n<li>Automatic Enrollment<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Demo: Using Web Enrollment to Obtain Certificates\n<ul>\n<li>In this demonstration, you will see how to use web enrollment to obtain certificates.<\/li>\n<\/ul>\n<\/li>\n<li>Administering Certificate Enrollment\n<ul>\n<li>To obtain a cert. using manual enrollment\n<ul>\n<li>Create a cert. 
request<\/li>\n<li>Submit cert. request to CA<\/li>\n<li>Obtain administrative approval for certificate<\/li>\n<li>Retrieve cert. from CA and install on client.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Lesson 3 of 6 https:\/\/mva.microsoft.com\/en-us\/training-courses\/understanding-active-directory-8233?l=TuKZjRJy_4204984382 &lt; Lesson 2 | Lesson 4 &gt; Main Menu Overview of Certificate Services What is a Certificate Authority A Certification Authority is an entity entrusted to issue certificates to: Individuals\/Users Computers Organizations Network Devices Services These certificates verify the identity and other attributes of the certificate subject to other entities. ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=1011\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-1011","post","type-post","status-publish","format-standard","hentry","category-active-directory"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1011","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1011"}],"version-history":[{"count":5,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1011\/revisions"}],"predecessor-version":[{"id":1018,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_ro
ute=\/wp\/v2\/posts\/1011\/revisions\/1018"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1011"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1011"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1011"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}