This AD CS role is responsible for issuing and managing certificates in a Windows domain.
What is a Certification Authority (CA)?
This protocol is used by AD CS to publish certificate revocation lists (CRLs).
What is HTTP?
This type of CA sits at the top of a PKI hierarchy and is typically kept offline for security.
What is a Root CA?
This built-in Windows group grants full control over a CA, including configuration and certificate issuance.
What is the CA Administrators group?
This setting determines how long a CA-issued certificate remains active.
What is the Validity Period?
This type of CA is typically used in enterprise environments and is integrated with Active Directory.
What is an Enterprise CA?
This type of CA is not domain-joined and is often used as a root CA in a PKI hierarchy.
What is a Standalone CA?
This configuration file is used during CA installation to define certificate policies, extensions, and authority information access.
What is CAPolicy.inf?
This role can approve certificate requests but cannot change CA configuration.
What is the Certificate Manager?
This CA configuration file can be used to define custom policy module behavior.
What is CAPolicy.inf?
This AD CS component allows users to request certificates via a web browser.
What is the Certificate Enrollment Web Service?
This AD CS role service enables certificate requests from non-domain joined devices.
What is the Network Device Enrollment Service (NDES)?
This CAPolicy.inf section defines the URLs where clients can retrieve the CA’s certificate and CRL.
What is [AuthorityInformationAccess]?
This CA security setting determines who can request, issue, and manage certificates.
What is the CA ACL (Access Control List)?
This CA management action should be performed before making major changes to templates or issuance rules.
What is backing up the CA?
This certificate template setting determines who can enroll for a certificate.
What is Security Permissions?
This file contains a list of certificates that have been revoked before their expiration date.
What is a Certificate Revocation List (CRL)?
When deploying a root CA, this physical security measure is often recommended to prevent unauthorized access.
What is keeping the root CA offline?
This tool is used to back up and restore a CA’s private key and database.
What is certutil?
This CA role is responsible for managing certificate templates and enrollment permissions.
What is the Template Administrator?
This AD CS feature automatically assigns and renews certificates for domain-joined clients.
What is Autoenrollment?
This PowerShell cmdlet can be used to install the AD CS role on a Windows Server.
What is Install-AdcsCertificationAuthority?
Before deploying a root CA, administrators should carefully plan these three elements: certificate validity period, key length, and this critical trust anchor.
What is the root CA certificate?
This module evaluates incoming certificate requests and enforces issuance policies.
What is the Policy Module?
This CA security Zero Trust best practice involves limiting access to the CA server and using role separation.
What is implementing least privilege?