Designing The Certificate Enrollment Process
Creating CA hierarchies is only the first step in the design of certificate services for an enterprise. You must also design the process of certificate enrollment and certificate distribution. Certificate enrollment is the process used to obtain a certificate. You can design enrollment to happen via user request or to be automatic. There are two parts to the enrollment process that you must consider during design: first, who can make a request and how, and second, whether the request will be approved. Certificate distribution is the process of getting the certificate to the device from which it will be used. Windows Server 2003 can distribute many certificates across the network to the computers on which they will be used. You can also export a certificate to a file, transport it where it needs to go, and manually install it on the device.
After this lesson, you will be able to
Explain the certificate enrollment process.
Explain the considerations for designing certificate enrollment.
Design the certificate enrollment and distribution policy.
Configure enrollment and certificate distribution for the offline root CA.
Estimated lesson time: 90 minutes
How the Certificate Enrollment Process Works
Before you begin your design, you must understand how the certificate enrollment process works. The enrollment process consists of two main steps: request and approval or denial. The process varies depending on the type of certificate, the type of CA and its configuration, and whether it is automatic or manual. Typical certificate enrollment processes include:
The CA enrollment process
The manual end-user enrollment process
The automatic end-user enrollment process
The following sections describe these processes in detail.
Windows Server 2003 authenticates users and applications using either the Kerberos version 5 or NTLM protocol. The Kerberos version 5 protocol is the default protocol for computers running Windows Server 2003. If any computer involved in a transaction does not support Kerberos version 5, the NTLM protocol is used.
When using the Kerberos version 5 protocol, the client requests a ticket from a domain controller in its account domain for presentation to the server in the trusting domain. This ticket is issued by an intermediary trusted by the client and the server. The client presents this trusted ticket to the server in the trusting domain for authentication.
When a client tries to access resources on a server in another domain using NTLM authentication, the server containing the resource must contact a domain controller in the client's account domain to verify the account credentials. A trust relationship can also be created with any MIT version 5 Kerberos realm.
by: endeavor03