Module 2: Configuring AD CS
Overview of PKI
Deploying a CA Hierarchy
Installing AD CS
Managing CA
Lesson 1: Overview of PKI
What Is PKI? (public key infrastructure)
Certification Authority
Digital Certificates
Certificate Templates
Certificate Revocation Lists (CRL) & Online Responders
AD CS
Types of CAs
Certification Authority
Issues a Certificate for Itself
Verifies the Identity of the Certificate Requestor
Issues Certificates to Users, Computers, and Services
Manages Certificate Revocation
Discussion: Options for Implementing CA
What are the advantages and disadvantages of using an external public CA?
What are the advantages and disadvantages of using an internal CA?
Types of CAs
Root CA: turn off the computer after set-up
Is the most trusted type of CA in a PKI infrastructure
Has a self-signed certificate
Subordinate CA
Has a certificate issued by another CA
[Diagram: Root CA and Subordinate CA hierarchies in Organization 1 and Organization 2]
Lesson 3: Installing AD CS
Considerations for Installing Root CA
Installing Subordinate CA
Planning a Root CA (certificate settings):
CSP
Key Character Length (Default: 2048)
Hash Algorithm
Validity Period
Private Key Configuration
Demonstration: How To Install AD CS as a Root CA
To install the AD CS server role as an Enterprise Root CA
Considerations for Installing a Subordinate CA
Planning a Root CA (certificate settings):
CSP
Key Character Length (Default: 2048)
Hash Algorithm
Validity Period
Private Key Configuration
CA Renewal Settings
Key Size
All revoked certificates
Lesser publication interval
Large size
Client computer using any version of Windows®
Delta CRLs
[Diagram: timeline from Base CRL #1 (Cert3) to Base CRL #2 (Cert3, Cert5, Cert7), with Cert5 and Cert7 revoked in between]
Where to Publish AIAs and CDPs
Publish the root CA certificate and URL to:
Active Directory®
Web servers
[Diagram labels: Firewall, Internet, Firewall]
To publish the CRL and CA certificate for the offline root CA to an HTTP location
To view the CRL
Logon information
Virtual machine: 6426A-NYC-DC1, 6426A-NYC-SVR1
User name: Administrator
Password: Pa$$w0rd