Certificate Services issues and manages certificates for software security systems that employ public key technologies.
Installing Certificate Services creates a certification authority (CA) that receives certificate requests from clients and servers, verifies the information in each request, and issues a corresponding X.509 certificate. The Certificate Services Manager administration tool is used to administer Certificate Services.
The CA receives requests for new certificates over transports such as HTTP or e-mail. It checks each request against predefined policies, sets optional properties for the certificate, and issues it. With Certificate Services, administrators can revoke certificates by adding them to a Certificate Revocation List (CRL), and can publish a signed CRL to a file share or to Active Directory on a regular schedule. Because the CRL is signed by the CA, a relying party should verify that signature and check that the CRL is current before deciding whether a certificate has been revoked.
Certificate Services can issue certificates for Secure/Multipurpose Internet Mail Extensions (S/MIME) signing and encryption, and certificates for server and client authentication in SSL and TLS.
Programmable interfaces are included, so developers can create support for additional transports, policies, and certificate properties and formats.
A Quick Detour: X.509, DER, PKCS Explained
You’ll notice references to X.509, Distinguished Encoding Rules (DER), PKCS #7 (one of the Public Key Cryptography Standards), and Base64 when you use or administer certificate-based solutions. X.509 is the industry-standard certificate format; it defines the certificate's fields (serial number, issuer, subject, validity period, public key, extensions, and the CA's signature) as an ASN.1 structure. You can find more information at http://www.rsa.com/rsalabs/faq/html/5-3-2.html. DER is a binary encoding for ASN.1 data: a subset of the Basic Encoding Rules (BER) that allows exactly one encoding of each value, which is why a signature over a DER-encoded certificate can be reproduced and checked byte for byte. X.509 certificates are signed and stored in DER. You can find more information at ftp://ftp.rsa.com/pub/pkcs/doc/layman.doc. PKCS #7, developed by RSA Data Security, is a binary format for signed and encrypted (enveloped) data; it is also commonly used as a container for a certificate or a whole certificate chain, for example in a .p7b file. You can find more information at http://www.rsa.com/rsalabs/faq/html/5-3-3.html. Base64 is a text encoding for binary data, used to carry DER objects through text-only channels such as e-mail and HTML forms; a certificate between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines is Base64-encoded DER. It is the same scheme used in Basic authentication, and it is defined in the Internet standard RFC 1521. Base64 is an encoding, not encryption: anything Base64-encoded, including a Basic authentication password, can be decoded by anyone who sees it.
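To make the encodings concrete, the following is an added example and not code from the original page or from Certificate Services. It hand-builds a small ASN.1 structure shaped like the first fields of an X.509 TBSCertificate (serial number, signature algorithm OID, issuer name), encodes it with DER, wraps the DER bytes in Base64 as a PEM block, and parses it back, rejecting the length forms that BER permits but DER forbids. The structure, the serial number and the name "Example CA" are constructed for illustration; it is not a real certificate and carries no signature.

```python
import base64
import re

# ASN.1 universal tags. DER uses BER's tags and only restricts how lengths and
# values are written, so every value has exactly one valid encoding.
INTEGER, OID, PRINTABLE, SEQUENCE, SET = 0x02, 0x06, 0x13, 0x30, 0x31

def der_len(n):
    """Length octets: short form below 128, otherwise minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    """Tag-Length-Value triple, the building block of every DER object."""
    return bytes([tag]) + der_len(len(value)) + value

def der_integer(n):
    """Non-negative INTEGER: minimal two's complement, 0x00 prefix if top bit set."""
    if n < 0:
        raise ValueError("this example only encodes non-negative integers")
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return tlv(INTEGER, body)

def der_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs share one byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(OID, bytes(body))

def decode_oid(raw):
    """Inverse of der_oid (assumes a first arc of 0, 1 or 2 and a second arc below 40)."""
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def parse_der(data, pos=0):
    """Decode one TLV at pos -> (tag, value, next_pos); constructed tags give a child list.
    Length forms that BER allows but DER forbids are rejected."""
    tag, first = data[pos], data[pos + 1]
    if first & 0x80:
        nbytes = first & 0x7F
        if nbytes == 0:
            raise ValueError("indefinite length is BER, not DER")
        length = int.from_bytes(data[pos + 2:pos + 2 + nbytes], "big")
        if length < 0x80 or data[pos + 2] == 0:
            raise ValueError("non-minimal length encoding is not DER")
        start = pos + 2 + nbytes
    else:
        length, start = first, pos + 2
    end = start + length
    if end > len(data):
        raise ValueError("length runs past the end of the data")
    raw = data[start:end]
    if tag & 0x20:                       # constructed: decode the children
        children, p = [], 0
        while p < len(raw):
            t, v, p = parse_der(raw, p)
            children.append((t, v))
        return tag, children, end
    if tag == INTEGER:
        return tag, int.from_bytes(raw, "big", signed=True), end
    if tag == OID:
        return tag, decode_oid(raw), end
    if tag == PRINTABLE:
        return tag, raw.decode("ascii"), end
    return tag, raw, end

def to_pem(der, label):
    """Base64 the DER bytes and wrap them in PEM armour with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

def from_pem(pem):
    """Strip the armour and line breaks, then Base64-decode back to DER."""
    m = re.search(r"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(1).split()))

def build_sample():
    """Constructed sample: the first fields of a TBSCertificate (not a real certificate)."""
    serial = der_integer(0x8A3F1C)                              # top bit set -> 0x00 pad
    sig_alg = tlv(SEQUENCE, der_oid("1.2.840.113549.1.1.11"))  # sha256WithRSAEncryption
    cn = tlv(SEQUENCE, der_oid("2.5.4.3") + tlv(PRINTABLE, b"Example CA"))  # id-at-commonName
    issuer = tlv(SEQUENCE, tlv(SET, cn))                        # Name = SEQUENCE OF RDN (a SET)
    return tlv(SEQUENCE, serial + sig_alg + issuer)

def round_trip():
    """DER -> PEM -> DER -> parsed tree; returns the outer SEQUENCE's children."""
    der = build_sample()
    if from_pem(to_pem(der, "EXAMPLE STRUCTURE")) != der:
        raise ValueError("PEM round trip changed the bytes")
    tag, value, end = parse_der(der)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("unexpected outer structure")
    return value
```

Calling `to_pem(build_sample(), "EXAMPLE STRUCTURE")` prints the same kind of Base64 block you see when a certificate is exported as text, and `round_trip()` returns the parsed tree. The strict length checks in `parse_der` are the practical difference between DER and BER: a signature is computed over the exact DER bytes, so a parser that silently accepts alternative BER encodings can be fed two byte strings that decode to the same value but hash differently.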
See the following: