Server role available in Windows Server 2008 that enables administrators to create and administer PKI certificates for users, computers, and applications
What is Active Directory Certificate Services (AD CS)
100
Certification authority (CA) that issues certificates to users or computers.
What is issuing CA
100
Certificate generated by the enterprise CA that is used to generate a smart card logon certificate for users in the organization.
What is enrollment agent
100
Enables users to manually request certificates using a Web interface
What is Certification Authority Web Enrollment
100
Enables a user to manually create a certificate request file by using the Certificates MMC snap-in.
What is Certificate Request Wizard
200
Template that enables digital signatures, which are required for Online Certificate Status Protocol (OCSP) transactions.
What is OCSP Response Signing certificate
200
In a hierarchy of certification authorities (CA), a single root CA issues certificates to several of these certification authorities.
What is intermediate CA
200
Public Key Policies setting that enables an administrator to modify the list of recovery agents by adding other accounts as recovery agents.
What is Encrypting File System (EFS)
200
Entity that issues digital certificates used by companies to sign SMTP messages exchanged between domain controllers, thereby ensuring the authenticity of directory updates.
What is certification authority (CA)
200
Provides a detailed explanation of how a particular Certification Authority manages certificates and keys.
What is Certificate Practice Statement (CPS)
300
Allows devices, such as hardware-based routers and other network devices and appliances, to enroll for certificates within a Windows Server 2008 PKI that might not otherwise be able to do so.
What is Network Device Enrollment Service (NDES)
300
Arranged in a ranking system whereby many subordinate Cas within an organization can chain upward to a single root CA.
What is hierarchical
300
Electronic signature (created by a mathematical equation) that proves the identity of the entity that has signed a particular document.
What is digital signature
300
Templates used by a CA to simplify the administration and issuance of digital certificates.
What is certificate template
300
Digital document that contains identifying information about a particular user, computer, service, and so forth.
What is certificate
400
User accounts that are configured with a this certificate that allows them to restore an escrow copy of a private key.
What is key recovery agent
400
Public Keys Policies setting that allows an administrator to define and distribute a certificate trust list (CTL) for external root certificate authorities (CAs).
What is Enterprise Trust
400
Digital document that contains identifying information about a particular user, computer, service, and so forth.
What is digital certificate
400
Public Key Policies setting that allows an administrator to enable or disable the automatic enrollment of computer and user certificates, in addition to renewing and requesting certificates based on certificate templates.
What is Certificate Services Client–Auto-Enrollment
400
Public Key Policies setting that enables computers to automatically submit a request for a certificate from an Enterprise Certification Authority (CA) and install that certificate.
What is Automatic Certificate Request
500
Process by which private keys are maintained by the certification authority (CA) for retrieval by a recovery agent, if at all.
What is key archival
500
Entity that can issue certificates only to users and computers in its own forest.
What is enterprise CA
500
Extremely flexible command-line utility for administering Active Directory Certificate Services.
What is certutil
500
List that identifies certificates that have been revoked or terminated as well as the corresponding user, computer, or service.
What is Certificate Revocation List (CRL)
500
PKI feature supported by Windows Server 2003 and later that allows users and computers to automatically enroll for certificates based on one or more certificate templates, as well as use Group Policy settings in Active Directory.