Understanding the Active Directory Certificate Services

Certificates play an important role in the public key infrastructure that Microsoft has developed to protect network data. A certificate (also known as a digital certificate) is used to identify an entity on the network. The holder of a certificate (how the certificate is obtained is discussed in a moment) is trusted by the network.

The public key infrastructure actually uses both secret keys and public keys when data is exchanged. The secret key provides the security for the exchange and is often generated just for the session in which the data moves from sender to receiver. The secret key, itself encrypted for transport, is shared between the users in the data exchange session; each user is identified by a public key.

A certificate, then, is used to identify a public key user. Certificates are provided by a Certificate Authority, which is basically a trusted third party that authenticates a user’s public key with a certificate (somewhat like a certificate of authenticity that you receive for expensive jewelry or an antique). A number of public Certificate Authorities, such as VeriSign, provide digital certificates. If a user who wants to send data is identified by a certificate, the receiver of the data has no problem accepting the data because it is from a “trusted and certified” user. A number of applications, such as Microsoft Outlook and Microsoft Internet Explorer, can use certificates for secure data exchange.

Although a number of Certificate Authorities can be used to purchase certificates, you might want to take advantage of certificates as another level of security on your Windows Server 2008 domain (or enterprise network). A server running Windows Server 2008 can be configured for Active Directory Certificate Services. The server can then act as your own internal Certificate Authority.
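The exchange described above, as an added example written in Go's standard library (it is not from the book and not Microsoft's AD CS code): an internal CA signs a certificate binding a user to a public key, the receiver checks that the certificate chains to the CA it trusts, and a per-session secret key is shared encrypted to the certified public key so that only the certificate holder can recover it. The subject names, serial numbers and one-day validity period are constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue has a CA (parent, parentKey) sign a certificate that binds subject to a new key pair; with isCA set there is no parent and the root CA signs its own certificate.
func issue(subject string, serial int64, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // the certificate holder's own key pair
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: subject}, // constructed values
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: isCA, IsCA: isCA, KeyUsage: x509.KeyUsageKeyEncipherment,
	}
	if isCA { // the root CA vouches for itself: self-signed
		tmpl.KeyUsage, parent, parentKey = x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// trusted is the receiver's check: does cert chain to the CA the receiver trusts?
func trusted(cert, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}

// wrapSessionKey: the sender makes a fresh per-session secret key and encrypts it to the public key carried in the receiver's (already verified) certificate.
func wrapSessionKey(cert *x509.Certificate) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil { return nil, nil, err }
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PublicKey.(*rsa.PublicKey), sessionKey, nil)
	return sessionKey, wrapped, err
}

// unwrapSessionKey: only the certificate holder's private key recovers the secret key.
func unwrapSessionKey(key *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, key, wrapped, nil)
}
```

A certificate signed by a CA that is not in the receiver's root pool fails `trusted`, which is the check that stops a stranger from presenting a public key under someone else's name.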

