Active Directory Certificate Services (AD CS)

Active Directory Certificate Services (AD CS) is an Active Directory tool that lets administrators customize services in order to issue and manage public key certificates.

Applications supported by AD CS include Secure/Multipurpose Internet Mail Extensions (S/MIME>), secure wireless networks, virtual private networks (VPN), Internet Protocol security (IPsec), Encrypting File System (EFS), smart card logon, Secure Socket Layer/Transport Layer Security (SSL/TLS) and digital signatures.

AD CS, which can be managed through Microsoft Management Console snap-ins or Server Manager,  has six components:

CA Web enrollment - connects users to a CA with a Web browser

Certification authorities (CAs) - manages certificate validation and issues certificates

Certificate Enrollment Policy Web Service - allows computers and users to retrieve information about their certificate enrollment policy

Certificate Enrollment Web Service - allows computers and users to enroll certificates using HTTPS

Network Device Enrollment Service - lets network devices without domain accounts retrieve certificates.

Online Responder - responds to requests about a certificate's status