Objective 3.6: Deploy, Manage, and Configure SSL Certificates

SSL is primarily used to secure data sent over networks. The Hypertext Transfer Protocol Secure (HTTPS) protocol, used for securing Web traffic, encrypts all headers, URLs, cookies, and of course data submitted to the Web site. Any Web application that requests the transmission of confidential data, such as credit card information, over the Internet, needs to use SSL to make sure that intercepted transmissions are not easily read by malicious users.

SSL can also be used to secure traffic between a Web server on a perimeter network (also known as DMZ, demilitarized zone, and screened subnet) and a Microsoft SQL Server computer located on an internal LAN. Similarly, SSL can be used to secure traffic from a client workstation to an Active Directory server in addition to e-mail traffic between Microsoft Office Outlook 2003 and a Microsoft Exchange Server computer.

Certificate reenrollment can be configured through Active Directory or by using the Certificate Templates MMC on the certification authority (CA). It is important to note that a CA cannot issue a certificate that expires after its own certificate does. If the renewal request specifies an interval that ends after the CA’s issuing certificate, the request will be truncated to the same date as the issuing certificate’s expiration.