ADCS l mt server role cho php bn cp pht v qun l cc chng ch

s l mt phn ca h tng kha cng khai (PKI). PKI l mt h thng

bao gm cc phn cng, phn mm, cc chnh sch v v quy trnh
to, qun l, phn pht, s dng, lu tr v thu hi cc chng ch s. PKI
bao gm cc CA (C quan chng thc) v cc RA ( c quan ng k)
xc nhn v chng thc tnh hp l ca mi thc th tham gia vo mt
giao dch in t thng qua vic s dng mt m kha cng khai (public
key cryptography). Trong PKI, CA kt hp mt kha cng khai ( Public
key) vi danh tnh ngi dng tng ng cp pht cc chng ch s c
cha kha cng khai (public key).
M ha bt i xng, cn c gi l mt m kha cng khai (public key
cryptography), s dng 2 key lin quan n ton hc m ha. Mt key m
ha d liu, trong khi key cn li c s dng gii m d liu. Khng ging
nh thut ton kha i xng (m ha i xng), phng php ny khng yu cu
mt s trao i an ton mt hoc nhiu kha b mt (secret key) gia ngi gi v
ngi nhn. Thay vo , bn c th lm cho bt c ai u c th dng kha cng
khai (public key) v s dng mt key khc m ha v gii m d liu. Kha
cng khai c th c gi cho ai hoc c th pht hnh trong mt chng ch s
thng qua CA server.
V d: gi s bn mun mt i tc gi d liu cho bn. bt u qu trnh m
ha khng i xng, bn gi i tc ca bn kha cng khai ca bn (public key).
i tc ca bn s m ha d liu vi key m bn gi cho h sau gi cho
bn bn tin m ha. Tip n bn s dng private key gii m tin nhn .
Nu chng may public key ri vo tay ngi khc th ngi vn khng th gii
b tin nhn bi v bn cn private key gii m tin nhn m c m ha bi
public key.
Mt chng ch s l mt th mc in t m cha ng mt s nhn dng nh l
tn ca s chc hoc l ngi dng, km vi mt public key tng ng. Bi v
chng ch s c s dng chng minh danh tnh ca computer hoc user , n
cng c th c s dng chng thc. Mt chng ch s ging nh mt giy php
li xe hoc passport bi n c hnh nh ca user v du vn tay khng c nghi
ng g v danh tnh ca ngi dng.
Nhng li ch ca PKI bao gm
Bo mt : PKI cho php bn m ha d liu lu tr hoc truyn i.
 Ton vn : Ch k s xc nh d liu c b chnh sa trong lc c truyn
hay khng.
Tnh xc thc : Th thng bo c k bng k thut s s dng private key
ca ngi gi . Bi v thng bo ch c th c gii m ch vi kha cng
khai tng ng ca ngi gi, n chng minh rng thng ip ch c th n
t ngi gi.
cho h thng PKI hot ng, CA phi c tin tng (trusted). Thng thng
trong mt doanh nghip, bn c th ci t CA trn windows server, v n s c
trusted trong doanh nghip ca bn. Nu bn yu cu mt CA m c trusted bn
ngoi doanh nghip ca bn, bn phi s dng third-party CA, nh l VeriSign
hoc entrust. Cc CA thng mi c thnh lp tnh ph pht hnh cc chng ch
s c hu ht cc trnh duyt web tin cy
C quan ng k (RA), c th c hoc khng c cng my ch vi CA, c s
dng phn phi cc kha, chp nhn ng k cho CA, v xc thc cc danh
tnh. RA khng phn phi chng ch s-thay vo CA s lm iu ny.
CA l mt server role trn Windows Server 2012 xc minh danh tnh ca ngi yu
cu chng ch; Cp chng ch cho ngi dng, my tnh v dch v; V qun l thu
hi chng ch.
Ph thuc vo nhu cu ca bn, bn c th ci t AD CS trn nhiu my ch
windows server to h tng cho cc CA. CA u tin c gi l root CA, n
thit lp PKI trong mng v cung cp im cao nht trong ton b cu trc
Mi thnh phn to nn PKI c trin khai nh role service ca AD CS server
role. Mi dch v vai tr chu trch nhim v mt phn c th ca c s h tng
chng nhn, trong khi lm vic cng nhau to thnh mt gii php hon chnh
Role service ca AD CS role bao gm :
CA : l thnh phn cp pht cc certificates cho cc user, computer v
dch v qun l hiu lc chng ch
CA Web Enrollment : Thnh phn cung cp phng php pht hnh v
gia hn chng ch cho ngi dng, my tnh v thit b khng c kt ni
vi tn min, khng c kt ni trc tip vo mng hoc dnh cho ngi
dng h iu hnh khng phi l Windows.
Certificate Enrollment Web Service : Thnh phn cho php cc my tnh kt
ni vi CA s dng trnh duyt web yu cu, lm mi v ci t chng
 ch cp; Ly CRLs; Ti v mt chng ch gc; V ng k qua Internet
hoc qua rng.
Standalone CA hot ng m ko cn c AD hoc khng yu cu AD. Tuy nhin
server c th l thnh vin ca mt domain. User c th request certificate bng
tay hoc qua web ni h phi xc nh thng tin v xc nh giy chng nhn
m h cn. Theo mc nh, tt c cc yu cu chng ch c gi n
standalone . CAs c gi trong mt hng i ang ch x l cho n khi qun
tr vin CA ph duyt. Tuy nhin, bn c th cu hnh cc CA standalone
cp giy chng nhn t ng theo yu cu, nhng iu ny t an ton hn v
thng khng c khuyn khch