23 Cards in this Set

  • Front
  • Back
Abbrev : AD CS
Active Directory Certificate Services
Abbrev : PKI
Public Key Infrastructure
Abbrev : CAs
Certification Authorities
What is a CA used for ?
A CA is used to issue digital certificates and the directories are used to store policies and certificates.
Abbrev : CRL
Certificate Revocation List
What is a CRL ?
A CRL is a digitally signed list of unexpired certificates revoked by a CA.
What are Certificate Templates ?
Certificate templates give instructions to users about procedures for creating and submitting a valid certificate request. This is an essential part of an enterprise CA and enables an administrator to recognize, configure, and issue certificates that have been pre-configured for selected tasks.
Where are Certificate templates stored ?
Certificate templates are stored in Active Directory Domain Services (AD DS).

This enables them to be used by all CAs in a forest and ensures that the CAs have access to the current standard templates.
Benefits of using Certificate Templates ?
Consistent application of the certificate policy across the forest.

There are default templates that can be used.
Default Certificate Templates Available are ?
Computer
Cross Certification Authority
Directory Email Replication
CEP Encryption
Code Signing
Domain Controller
Domain Controller Authentication
EFS Recovery Agent
How many versions of Certificate Templates are available ?
Version 1
Version 2
Version 3
Explain Version 1 certificate Template ?
Version 1 certificate templates are available in a Windows Server 2000 PKI. When a CA is installed, these templates are created by default and cannot be removed or modified. However, you can create a duplicate copy of a version 1 template and change it to a modifiable version 2 or version 3 template.

Version 1 templates are supported by CAs configured for Windows Server 2000 and Windows Server 2003 Standard Edition, which only support version 1 templates.
Explain Version 2 certificate Template ?
Version 2 certificate templates enable you to customize the settings and permissions of a template based on your needs. These templates are only issued by Enterprise CAs installed on Windows Server 2003 Enterprise Edition or higher.
Explain Version 3 certificate Template ?
Version 3 certificate templates enable an administrator to add the advanced Suite B cryptographic settings to their certificates. These settings contain advanced options for digital signatures, encryption, hashing, and key exchange. Administrators can only issue certificates based on version 3 certificate templates from CAs installed on Windows Server 2008 servers. These certificates can only be used on clients running Windows Server 2008 or Windows Vista.
Windows Server 2000 and Windows Server 2003 Standard Edition CAs support which version of certificate templates?
version 1
Windows Server 2003 Datacenter and Enterprise Edition CAs support which version of certificate templates ?
versions 1 and 2
Windows Server 2008 CAs support which version of certificate templates ?
versions 1, 2, and 3
What are the permissions that you can assign to a certificate template ?
The permissions that you can assign to a certificate template are :

Full Control
Enroll
Autoenroll
Read
Write
Note : Windows Server 2008 enables key archival and recovery to prevent potential loss of data that can result from the loss of a key.
Note : This process enables a Key Recovery Agent (KRA) to retrieve private keys, original certificates, and public keys from a database.
Abbrev : KRA
Key Recovery Agent
Note : Enterprise CAs can archive a user's private key in their database when certificates are issued. These private keys are encrypted and stored by a CA.
Note : A private key can be recovered at a later time by using the private key archive.
How do you configure your environment for key archival ?
To configure your environment for key archival, you will need to:

* configure a KRA certificate template and enroll the KRA for a KRA certificate

* enable key archival for a CA
How do you configure a KRA certificate template ?
You need to add the certificate template to a CA.


If the certificate is configured with Read and Enroll permissions, the new KRA can use the Certificates snap-in and the Certificate Import Wizard to create a KRA certificate.

If the certificate is configured with the Autoenroll permission, it will be issued automatically the next time the user logs on to the network.