PKI and Certificate Resources
Bookmark this! https://aka.ms/PkiLinks Email Great PKI Links Here
Having taken some recent internal PKI training, I decided to take my internal PKI resources, update them with some of the newer concepts I have been learning about, and share them with you. This is a lot! But if you want to really know PKI and Certificates, particularly around Windows Active Directory Certificate Services (AD CS), then there is plenty for you to read below :) As I find new and updated resources, I will refresh this blog. Enjoy?
PRESENTATIONS AND TRAINING
- Digital Certificates 101: Understanding, Managing & Supporting Public Key Infrastructure & Active Directory Certificate Services
- Ignite 2017: Encryption key management strategies for compliance
- Ignite 2017: Adventures in Underland: Is encryption solid as a rock or a handful of dust?
- Ignite 2015: Demystifying Encryption, Certificates, and PKI
- TechEd: Top 10 Mistakes in Microsoft Public Key Infrastructure Deployments
- Virtual Lab: Implementing a Basic PKI in Windows Server 2012 R2
- Virtual Lab: How to Deploy Two-Tier PKI Hierarchy
- Microsoft Virtual Academy: Windows Server 2012 R2 Implementing a Basic PKI
- Brian Komar: Windows Server® 2008 PKI and Certificate Security - Excellent Book!
PKI DESIGN GUIDANCE
- Public Key Infrastructure Design Guidance
- Certification Authority Guidance
- AskDS | Designing and Implementing a PKI: Part I Design and Planning
- AskDS | Designing and Implementing a PKI: Part V Disaster Recovery
- Securing Public Key Infrastructure (PKI)
  - For a downloadable version of this PKI content, see https://aka.ms/securingpki
- Windows PKI Documentation Reference and Library
- OASIS PKI White Papers
- Windows PKI Blog
ACTIVE DIRECTORY CERTIFICATE SERVICES (AD CS) OVERVIEW
- Active Directory Certificate Services Overview
- What's New in Certificate Services in Windows Server
- What's Changed in Security Technologies in Windows 8.1
- Windows Server 2012 Active Directory Certificate Services System State Backup and Restore
- Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure
- Trusted Platform Module Technology Overview
- Virtual Smart Card Overview
- Windows Smart Card Technical Reference
- Active Directory Certificate Services Role
- Cryptography Next Generation
- Cryptography API: Next Generation
ACTIVE DIRECTORY CERTIFICATE SERVER DEPLOYMENT
- Active Directory Certificate Services Step-by-Step Guide
- AskDS | Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation
- AskDS | Implementing an OCSP responder: Part I - Introducing OCSP
- AskDS | Designing and Implementing a PKI: Part III Certificate Templates
- AskDS | Designing and Implementing a PKI: Part IV Configuring SSL for Web Enrollment and Enabling Key Archival
- Active Directory Certificate Services Migration Guide for Windows Server 2012 R2
- Migrating a Certification Authority Key from a Cryptographic Service Provider (CSP) to a Key Storage Provider (KSP)
- CAPolicy.inf Syntax
- Network Device Enrollment Service (NDES) in Active Directory Certificate Services (AD CS)
- Certificate deployment with System Center 2012 R2 Configuration Manager and Windows Intune
- SCEP certificate enrolling using ConfigMgr 2012, CRP, NDES and Windows Intune
- Pop Quiz: Windows Server 2012 R2 Network Device Enrollment Services
TOOLS
- Sysinternals Security Utilities
- Certreq
- Wbadmin
- Exporting Certificates using CertUtil
- How to Use the Certificates Console - check out the view option!
Shortcuts to tools on the operating system that you can access quickly from the Start menu:
- Certmgr.msc | opens the local user certificate store - Windows client or server
- Certlm.msc | opens the local computer certificate store - Windows client or server
- Certsrv.msc | Windows Server Certification Authority (CA)
- Certtmpl.msc | Windows Server Certificate Templates
- OCSP.msc | Windows Server AD CS Online Responder Configuration | Feature must be installed
- PKIView.msc | Windows Server Enterprise Quick Health Monitoring
- Tpm.msc | Trusted Platform Module Management
See your Policies
- GPMC.msc | Group Policy Management Console
- RSOP.msc | Shows the Resultant Set of Policies | Clients or Servers
- Secpol.msc | Local Security Policies | Has PKI Policies
- Services.msc | Shows the running state of the following CA services | the second part of each entry below is the service alias
  - Active Directory Certificate Services | CertSvc
  - Cryptographic Services | CryptSvc
  - Online Responder Service | OCSPSvc
DOWNLOADS AND GUIDES
- Active Directory Certificate Services Monitoring Management Pack
- AD CS Step-By-Step Guide - describes the steps needed to set up a basic public key infrastructure.
- Windows Server 2012 Core Network Companion Guide: Computer and User Certificates Deployment
- Public Key Infrastructure (PKI) for Security Solutions Datasheet
- Public Key Infrastructure Server Health Check Datasheet
- Active Directory Certificate Services (AD CS) - Information around Administration
- Microsoft SCEP Implementation Whitepaper
- Windows Phone 8 Certificates
- Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure
- Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003
SCRIPTING PKI
- AD CS Administration Cmdlets in Windows PowerShell
- AD CS Deployment Cmdlets in Windows PowerShell
- Request, Export and Import Certificate Using PowerShell
- CodePlex: Public Key Infrastructure PowerShell module
PKI CONCEPTS AND URLS
- RFC: Internet X.509 Public Key Infrastructure | Certificate Policy and Certification Practices Framework
- Object Identifier (OID) Repository
- Quantum Crypto Wikipedia
- https://www.keylength.com/
- https://www.openssl.org/
- My old Security+ Glossary of Terms