Windows 2000 Public Key Infrastructure and Certificate Services Duane Crider Support Professional Mi

About This Presentation

Title:

Windows 2000 Public Key Infrastructure and Certificate Services Duane Crider Support Professional Mi

Description:

Windows 2000 Certificate Services. Issues, manages, renews, and revokes certificates ... Integration with Windows 2000 for native certificate support. CA hierarchies ... – PowerPoint PPT presentation

Number of Views:78

Avg rating:3.0/5.0

Slides: 26

Provided by: duanec

Category:

more less

Transcript and Presenter's Notes

Title: Windows 2000 Public Key Infrastructure and Certificate Services Duane Crider Support Professional Mi

1
Windows 2000 Public Key Infrastructure and
Certificate ServicesDuane CriderSupport
ProfessionalMicrosoft Corporation
2
Public Key Infrastructure

Certificate Authorities
Digital Signatures
Authentication
File Encryption
IP Security
Secure E-mail

3
Symmetric vs. Asymmetric Encryption

Symmetric Encryption (Secret Key Encryption)
Asymmetric Encryption (Public Key Encryption)

4
Public Key Cryptography Standards (PKCS)

PKCS 7
Cryptographic Message Syntax Standard
PKCS 10
Certification Request Syntax Standard
PKCS 12
Personal Information Exchange Syntax Standard

5
Overall Picture of Public Key Infrastructure
6
Windows 2000 Certificate Services

Issues, manages, renews, and revokes certificates
Part of the public-key infrastructure
implementation as Certificate Authorities (CAs)
Allows businesses to act as their own CAs to
issue and manage digital certificates

7
Enhancements Since 1.0

New Microsoft Management Console (MMC) snap-in
manageability
Smart card, Encrypted File System (EFS), and
Internet Protocol security (IPSec) certificate
usage types
Integration with Windows 2000 for native
certificate support
CA hierarchies

8
(No Transcript)
9
Digital Certificates

A collection of data used for authentication and
secure transfer of information across unsecure
systems
Responsible for ensuring the identity of the
certificate requestor
Typically uses a public key system maintained by
a CA

10
Certificate Contents

Version
Serial number
Signature algorithm ID
Issuer name
Validity period
Subject (user) name
Subject public key information
Issuer unique identifier
Subject unique identifier
Extensions
Issuer signature

11
Uses for Certificates

Encrypting file system (EFS, recovery agents, and
so on)
IPSec (encrypting protocol-based communication)
Digitally signed and encrypted e-mail messages
Smart card logon
Secure Sockets Layer (SSL) and thread local
storage (TLS) communication

12
Certificate Authorities

Responsible for issuing certificates based on a
set of established criteria
Responsible for guaranteeing that the
certificates are authentic and valid
Can be a group within the company or a
third-party vendor (for example, Verisign)

13
Certificate Authority Classes in Windows 2000

Enterprise CA
Requires a domain controller
Database is stored in Active Directory
Issues certificates inside a corporation
Stand-Alone CA
Does not require a domain controller
Maintains its own certificate database
Issues certificates outside an organization

14
Enterprise Certificate Authority Installation
Requirements

Windows 2000 DNS service
Windows 2000 Directory service
Administrative privileges on the DNS, directory,
and CA servers

15
Enterprise Subordinate Requirements

Must have a parent CA
Can be an external commercial CA, an enterprise
CA, or a stand-alone CA
Windows 2000 DNS service
Windows 2000 Directory service
Administrative privileges to DNS, Active
Directory, and CA servers

16
Stand-Alone Root CA

Administrative privileges to local CA server

17
Stand-Alone Subordinate CA

Must be associated with a CA that processes the
subordinate CAs requests
Administrative privileges on the local CA server

18
Root, Intermediate, and Issuing CAs
Root CA 1
Root CA 2
Intermediate CA - C
Issuing CA - B
Issuing CA - C
Issuing CA - A
19
Reasons for CA Hierarchies