Chapter 20 - Using Microsoft Certificate Services

Chapter 20

In Chapters 18 and 19, you learned about the security protocols and tools that Microsoft Windows 2000 supports. Some of these protocols, like Kerberos and Internet Protocol security (IPSec), are primarily used to protect network traffic from intrusion; others, like Secure Multipurpose Internet Mail Extensions (S/MIME) and Encrypting File System (EFS), protect messages and files from compromise. Even components that don't have anything to do with security directly, like the Active Directory Simple Mail Transfer Protocol (SMTP) site connector, can use these services to gain enhanced security.

The Windows 2000 public-key infrastructure (PKI) provides a way to issue, revoke, and track digital certificates. Microsoft Certificate Services, included as an optional component in Windows 2000 Server, allows you to issue new certificates, certify them as valid, and revoke certificates that you no longer want to use. In this chapter, you'll learn how to install, configure, and manage Certificate Services to provide security for individual computers, domains, and your entire enterprise, both on the Internet and on your intranets. (If you need to know how to manage certificates on a machine, see the section Managing Certificates in Chapter 19.)

A terminology Note: Certificate Services is the actual software; certificate authority or certification authority (CA) refers to any entity, such as Certificate Services, that issues certificates. This chapter uses the two terms interchangeably.