AD CS is a server role that lets you issue and manage the digital certificates that form part of a public key infrastructure (PKI). A PKI is a system made up of hardware, software, policies and procedures for creating, managing, distributing, using, storing and revoking digital certificates. A PKI includes certification authorities (CAs) and registration authorities (RAs) that verify and attest to the validity of each entity taking part in an electronic transaction through the use of public key cryptography. In a PKI, the CA binds a public key to the corresponding user's identity in order to issue digital certificates that contain that public key.

Asymmetric encryption, also called public key cryptography, uses two mathematically related keys for encryption. One key encrypts the data, while the other is used to decrypt it. Unlike symmetric key algorithms (symmetric encryption), this method does not require a secure exchange of one or more secret keys between sender and receiver. Instead, you can make the public key available to anyone and use the other key to encrypt and decrypt data. The public key can be sent to someone directly or published inside a digital certificate through a CA server.

For example, suppose you want a partner to send you data. To begin the asymmetric encryption process, you send your partner your public key. Your partner encrypts the data with the key you sent them and then sends you the encrypted message. You then use your private key to decrypt that message. If the public key happens to fall into someone else's hands, that person still cannot decrypt the message, because the private key is needed to decrypt a message that was encrypted with the public key.

A digital certificate is an electronic document that contains an identity, such as an organization or user name, along with the corresponding public key. Because a digital certificate is used to prove the identity of a computer or user, it can also be used for authentication. A digital certificate is like a driver's license or passport: it carries the user's picture and thumbprint so that there is no doubt about the user's identity.

The benefits of PKI include:
Confidentiality: PKI lets you encrypt data that is stored or transmitted.
Integrity: a digital signature identifies whether the data was altered while being transmitted.
Authenticity: the message is digitally signed using the sender's private key. Because the message can only be decrypted with the sender's corresponding public key, it proves that the message could only have come from the sender.
For a PKI to work, the CA must be trusted. Typically, within an enterprise you can install a CA on Windows Server, and it will be trusted within your enterprise. If you need a CA that is trusted outside your enterprise, you must use a third-party CA, such as VeriSign or Entrust. Commercial CAs charge a fee to issue digital certificates that are trusted by most web browsers.

A registration authority (RA), which may or may not reside on the same server as the CA, is used to distribute keys, accept registrations for the CA, and validate identities. The RA does not distribute digital certificates; the CA does that instead.

The CA is a server role on Windows Server 2012 that verifies the identity of the certificate requester; issues certificates to users, computers and services; and manages certificate revocation. Depending on your needs, you can install AD CS on multiple Windows servers to build an infrastructure of CAs. The first CA is called the root CA: it establishes the PKI in the network and is the highest point in the whole hierarchy.

Each component that makes up the PKI is deployed as a role service of the AD CS server role. Each role service is responsible for a specific part of the certificate infrastructure, while working together to form a complete solution. The role services of the AD CS role include:

CA: the component that issues certificates to users, computers and services and manages certificate validity.

CA Web Enrollment: the component that provides a way to issue and renew certificates for users, computers and devices that are not joined to the domain, are not connected directly to the network, or are for users of non-Windows operating systems.

Certificate Enrollment Web Service: the component that lets computers connect to the CA with a web browser to request, renew and install issued certificates; retrieve CRLs; download a root certificate; and enroll over the Internet or across forests.

A standalone CA operates without Active Directory and does not require it. However, the server can still be a member of a domain. Users can request certificates manually or through the web, where they must supply their information and specify the certificate they need. By default, all certificate requests sent to standalone CAs are held in a pending queue until the CA administrator approves them. You can, however, configure standalone CAs to issue certificates automatically on request, but this is less secure and generally not recommended.
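The deployment and approval flow described above, as an added PowerShell example that is not from the original article: it installs the CA and CA Web Enrollment role services, configures a standalone root CA, and then checks whether the CA holds requests for approval or auto-issues them. The CA common name and the request ID are constructed placeholders; the commands assume an elevated session on Windows Server with the ServerManager and ADCSDeployment modules available.

```powershell
# Added example, not the article's own procedure. 'EXAMPLE-ROOT-CA' and request ID 42 are
# constructed placeholders.

# 1. Install the role services discussed above. ADCS-Web-Enrollment also pulls in IIS.
Install-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# 2. Configure the first CA as a standalone root CA. Standalone means no Active Directory
#    is required, although the host may still be a domain member.
Install-AdcsCertificationAuthority -CAType StandaloneRootCA `
    -CACommonName 'EXAMPLE-ROOT-CA' `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 10 `
    -Force

# 3. Configure the web enrollment pages that non-domain and non-Windows clients use.
Install-AdcsWebEnrollment -Force

# 4. Check the policy module's default request disposition. On a standalone CA the
#    expected output shows REQDISP_PENDINGFIRST (0x100) combined with REQDISP_ISSUE (0x1),
#    i.e. the value 257: every request waits in the queue until an administrator acts on it.
certutil -getreg policy\RequestDisposition

# A bare value of 1 (REQDISP_ISSUE only) means the CA auto-issues every request it
# receives, which is the less secure setting the text advises against. Put the CA back to
# pending-first and restart the service so the policy module re-reads the value.
certutil -setreg policy\RequestDisposition 257
Restart-Service certsvc

# 5. Review what is waiting and act on a request by its RequestId.
certutil -view Queue        # list pending requests with their IDs and requester details
certutil -resubmit 42       # approve: the CA issues the certificate for request 42
# certutil -deny 42         # or reject it
```

Step 4 is the check worth keeping in a build checklist: a standalone CA that someone has switched to RequestDisposition 1 will sign whatever it is sent, so reading that registry value back, rather than assuming the default, is how you confirm the approval step described in the text is actually in force.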