Applies To:

  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

Introduction

Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing the public key certificates used in software security systems that employ public key technologies, with strong security and easy administration across the Internet, extranets, intranets, and applications. AD CS allows you to move beyond traditional username and password combinations for more robust authentication and resource access security. By installing AD CS, you are either creating or extending a Public Key Infrastructure (PKI). A PKI structure that meets the requirements of most organizations is a multi-tier Certification Authority (CA) hierarchy that implements an Offline Root CA. For more information, see the Windows PKI documentation reference and library.

If you are new to AD CS, this topic can help you identify what you need to learn to fully understand AD CS. Ensure that you first understand the prerequisite topics, because the later AD CS topics build upon them and assume that you understand them. Afterwards, you can begin learning about AD CS through the resources in the Level 100 (introductory), 200 (intermediate), and 300 (advanced) sections.

 

Prerequisites

This section contains links to a variety of resources that contain the background information you need to fully understand AD CS.

Step 1:

Learn about Active Directory Certificate Services (AD CS). See Active Directory Certificate Services Overview (http://social.technet.microsoft.com/wiki/contents/articles/active-directory-certificate-services-ad-cs-overview.aspx). Your goal is to understand the role of AD CS for Windows-based networks.

Step 2:

Learn about Internet Information Services (IIS). See the IIS 7 Deployment Guide (http://technet.microsoft.com/en-us/library/cc771752(WS.10).aspx). Your goal is to understand how to install IIS to support Web enrollment for digital certificates.

Step 3:

Learn about public key cryptography. See Chapter 1 – Cryptography Basics of the Windows Server 2008 PKI and Certificate Security Microsoft Press book (http://www.microsoft.com/learning/en/us/book.aspx?ID=9549&locale=en-us) and Chapter 2 – Public Key Cryptography of the Understanding Public Key Infrastructure: Concepts, Standards, and Deployment Considerations, Second Edition book (http://www.amazon.com/Understanding-PKI-Standards-Deployment-Considerations/dp/0672323915/ref=sr_1_3?s=books&ie=UTF8&qid=1287098353&sr=1-3#_). Your goal is to understand cryptography basics, the difference between symmetric and asymmetric encryption, and how public key cryptography provides a digital signing capability.

Step 4:

Learn PKI fundamentals. See Chapter 2 – Primer to PKI of the Windows Server 2008 PKI and Certificate Security Microsoft Press book (http://www.microsoft.com/learning/en/us/book.aspx?ID=9549&locale=en-us) and Chapter 3 – The Concept of an Infrastructure of the Understanding Public Key Infrastructure: Concepts, Standards, and Deployment Considerations, Second Edition book (http://www.amazon.com/Understanding-PKI-Standards-Deployment-Considerations/dp/0672323915/ref=sr_1_3?s=books&ie=UTF8&qid=1287098353&sr=1-3#_). Your goal is to understand the X.509 standard for digital certificates, certification authorities, certificate revocation lists, key backup and recovery, and cross certification.

Level 100

  1. Step 1: Learn about the benefits of using AD CS in Windows (http://technet.microsoft.com/en-us/library/cc731564%28WS.10%29.aspx and http://www.microsoft.com/windowsserver2008/en/us/ad-cs.aspx). Your goal is to understand the business benefits of AD CS and how it addresses business needs.

Level 200

  1. Step 1: Configure AD CS in a test lab using the Active Directory Certificate Services Step-by-Step Guide (http://technet.microsoft.com/en-us/library/cc772393%28WS.10%29.aspx). Your goal is to understand the business benefits of AD CS and how it addresses business needs.
  2. Step 2: Review the TechNet Webcast: Deploying a PKI Solution with Active Directory Certificate Services.

 

Level 300

  1. Step 1: View the TechNet Webcast: How Microsoft IT Deployed PKI Inside Microsoft (Level 300).
  2. Step 2: Learn about the technical details of certificate revocation checking (http://technet.microsoft.com/en-us/library/ee619754%28WS.10%29.aspx). Your goal is to understand how certificate validation and revocation checking works with Windows clients and servers.

See also

Windows PKI documentation reference and library