AD CS Architecture

Core Components

Below are a few core components of AD CS. There are more, but I'll cover the ones I see most often.

Certification Authority

The Certification Authority (CA) is the core AD CS role: it is the server that issues and signs certificates. Its responsibilities include:

  • Processing certificate requests

  • Issuing and signing certificates

  • Maintaining a database of issued and revoked certificates

Note: Commonly called a Certificate Authority.

Certificate Templates

Certificate Templates define the rules for certificates that can be issued by the CA. Templates control things like:

  • Who can request the certificate

  • Certificate usage (authentication, encryption, etc.)

  • Enrollment permissions

Certification Authority Web Enrollment

CA Web Enrollment is an optional (but commonly enabled) AD CS role that provides a web interface for requesting certificates. Its functions include:

  • Allowing manual certificate requests through a browser

  • Allowing administrators to retrieve issued certificates

  • Supporting certificate enrollment for non-domain systems

Note: The typical CA Web Enrollment endpoint is http://[CA Server]/certsrv

Certificate Revocation List (CRL)

The Certificate Revocation List is not strictly an AD CS component or role; it is data published by the CA that lists the certificates it has revoked.
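As an added example (not part of the original page), the following PowerShell inventories the components described above from the AD Configuration partition: the enterprise CAs, whether the optional Web Enrollment endpoint on each CA answers, and the templates with their intended usage and approval setting. It assumes a domain-joined host that can reach a domain controller; the container and attribute names are the standard AD CS schema names.

```powershell
# Added example: inventory AD CS components from the Configuration naming context.
# Assumes a domain-joined host with line of sight to a domain controller.
$configNc = ([ADSI]"LDAP://RootDSE").configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNc"

function Get-AdcsObjects {
    param([string]$Container, [string]$ObjectClass)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://CN=$Container,$pkiBase"
    $searcher.Filter     = "(objectClass=$ObjectClass)"
    $searcher.PageSize   = 500
    $searcher.FindAll()
}

# Certification Authorities: one pKIEnrollmentService object per enterprise CA.
$cas = Get-AdcsObjects -Container 'Enrollment Services' -ObjectClass 'pKIEnrollmentService'
foreach ($ca in $cas) {
    $p    = $ca.Properties
    $host = $p['dNSHostName'][0]
    Write-Host ("CA: {0} on {1}" -f $p['cn'][0], $host)
    Write-Host ("  Published templates: {0}" -f ($p['certificateTemplates'] -join ', '))

    # Web Enrollment is optional; record whether the /certsrv endpoint exists so it
    # can be reviewed. Any HTTP status (including 401) means the role is installed.
    try {
        $resp = Invoke-WebRequest -Uri "http://$host/certsrv/" -UseBasicParsing `
                                  -UseDefaultCredentials -TimeoutSec 5
        Write-Host "  Web Enrollment: present (HTTP $($resp.StatusCode))"
    } catch {
        $status = $_.Exception.Response.StatusCode.value__
        if ($status) { Write-Host "  Web Enrollment: present (HTTP $status)" }
        else         { Write-Host "  Web Enrollment: not reachable" }
    }
}

# Certificate Templates: the rules the CA issues under. pKIExtendedKeyUsage holds
# the intended usage (EKU OIDs); msPKI-Enrollment-Flag bit 0x2 requires CA manager
# approval before a request is issued.
$templates = Get-AdcsObjects -Container 'Certificate Templates' -ObjectClass 'pKICertificateTemplate'
foreach ($t in $templates) {
    $p     = $t.Properties
    $ekus  = @($p['pKIExtendedKeyUsage']) -join ','
    $flags = [int]$p['msPKI-Enrollment-Flag'][0]
    Write-Host ("Template: {0,-30} EKUs: {1}  ManagerApproval: {2}" -f `
                $p['cn'][0], $ekus, [bool]($flags -band 0x2))
}
```

Templates published on a CA (the certificateTemplates attribute) are the ones the CA will actually issue; templates that exist in the container but are not published anywhere are inert.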
