Presentation is loading. Please wait.

Presentation is loading. Please wait.

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+"— Presentation transcript:

1 CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

2 Agenda Chapter 13: Configuring Active Directory Certificate Services Exercise Lab Quiz

3 Public Key Infrastructure Allow two parties to communicate securely, without any previous communication, through the use of public key cryptography Public key cryptography stores a public key for each participant in a PKI Each participant also possesses a private key By combining the public key with private key, one entity can communicate with another entity in a secure fashion without exchanging any sort of shared secret key beforehand ▫A shared secret key is a secret piece of information that is shared between two parties

4 Shared Secret Key http://en.wikipedia.org/wiki/Public_key

5 Certificate Authority (CA) An entity that issues and manages digital certificates for use in a PKI ▫For Server 2008, it requires AD CS server role ▫CAs are hierarchical (One root and several subordinate CAs) ▫Three-tier hierarchy, where a single root CA issues certificates to a number of intermediate CAs, allowing the intermediate CAs to issue certificates to users or computers

6 Digital Certificate (certificate) The digital certificate contains ▫The certificate holder’s name ▫Public key ▫The digital signature of the Certificate Authority that issued the certificate ▫The certificate’s expiration date

7 Digital Signature Proves the identity of the entity that has signed a particular document A digital signature indicates that the message is authentic and has not been tampered with since it left the sender’s Outbox

8 Certificate Practice Statement and Certificate Revocation List Certificate Practice Statement (CPS) ▫Provides a detailed explanation of how a particular CA manages certificates and keys Certificate Revocation List (CRL) ▫This list identifies certificates that have been revoked or terminated, corresponding user, computer, or service ▫Services that utilize PKI should reference the CRL to confirm that a particular certificate has not been revoked prior to its expiration date

9 Certificate Templates Templates used by a CA to simplify the administration and issuance of digital certificates

10 Self-Enrollment and Enrollment Agents Self-Enrollment ▫This feature enables users to request their own PKI certificates, typically through a Web browser Enrollment agents ▫These are used to request certificates on behalf of a user, computer, or service You can use either self-enrollment or enrollment agents

11 Auto-Enrollment Supported by Windows Server 2003 and later Allows users and computers to automatically enroll for certificates based on: ▫One or more certificate templates ▫Group Policy settings in Active Directory ▫Certificate templates that are based on Windows 2000 will not allow auto-enrollment to maintain backwards compatibility

12 Recovery Agent These agents are configured within a CA to allow users to recover private keys for users, computers, or services if their keys are lost

13 Key Archival This is the process by which private keys are maintained by the CA for retrieval by a recovery agent In a Windows PKI implementation, users’ private keys can be stored within AD

14 Windows Server 2008 and Certificate Services The AD CS server role consists of the following services and features: ▫Web enrollment ▫Online Responder  Responds the requests from clients about the certificate status  Online Certificate Status Protocol (OCSP) ▫Network Device Enrollment Service (NDES)  To enroll the hardware-based routers and other network device for PKI certificates

15 Types of CAs When deploying a Windows-based PKI, two different types of CAs can be deployed: ▫Standalone CA  Not integrated with AD  It requires administrator intervention to respond to certificate requests ▫Enterprise CA  Integrated with AD  Can use certificate templates

16 Configuring Certificate Auto- enrollment for Wireless Networks You can control PKI in Public Key Policies area in the group policy ▫Encrypting File System (EFS)  Recovery agents (In computer configuration node) ▫Automatic Certificate Request  All computers to automatically submit a request for a certificate from an Enterprise CA

17 Configuring Certificate Auto- enrollment for Wireless Networks You can control PKI in Public Key Policies area in the group policy ▫Trusted Root Certificate Authorities  It determines if uses can choose to trust root CAs ▫Enterprise Trust  Allows an administrator to define and distribute a CTL for external root CAs ▫Certificate Services Client-Auto-Enrollment  Allows an administrator to enable or disable the automatic enrollment  Use auto-enrollment to write certificate information to the smart card through GPO

18 Infrastructure components for Auto- Enrollment of PKI Clients must be running XP, Vista Business or Ent., Server 2003, Server 2008 Enterprise CA running on Server 2003 or 2008

19 Extra materials http://networklore.com/components-of-pki/

20 Assignment Fill in the blank ▫1-10 Multiple Choice ▫1-10 Online Lab 13

Download ppt "CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+"

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Planning a Public Key Infrastructure

Planning a Public Key Infrastructure
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Chapter 9 Deploying IIS and Active Directory Certificate Services

Chapter 9 Deploying IIS and Active Directory Certificate Services
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Copyright line. Configuring Certificate Services and PKI Exam Objectives  Planning a Windows Server 2008 Certificate-Based PKI  Implementing Certification.

Copyright line. Configuring Certificate Services and PKI Exam Objectives  Planning a Windows Server 2008 Certificate-Based PKI  Implementing Certification.
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Understanding Active Directory

Understanding Active Directory
Chapter 11: Active Directory Certificate Services

Chapter 11: Active Directory Certificate Services

Similar presentations

Ads by Google