Active Directory Certificate Services

Applies To: Windows Server 2008

Active Directory Certificate Services (AD CS) includes certification authorities (CAs), Online Responders, Network Device Enrollment Services, and related client services that support the issuance and management of digital X.509 certificates used in a variety of applications. Applications that use digital certificates include secure wireless networks, virtual private networks (VPNs), Internet Protocol security (IPsec), Network Access Protection (NAP), Encrypting File System (EFS), and smart card logon.

Hierarchy of Managed Entities

Managed Entities

Name Description

AD CS Certification Authority (CA)

Certification authorities (CAs) accept certificate requests, verify the requester's identifying information according to the policy of the CA, and then use their private keys to digitally sign the certificates that they issue. CAs are also used to revoke certificates that are no longer valid before their scheduled expiration date and to publish certificate revocation lists (CRLs) that are used to verify the validity of published certificates.

AD CS Online Responder

The Microsoft Online Responder service makes it possible to configure and manage Online Certificate Status Protocol (OCSP) validation and revocation checking in Windows-based networks. The Online Responder snap-in allows you to configure and manage revocation configurations and Online Responder Arrays to support public key infrastructure (PKI) clients in diverse environments.