{
	"id": "3db0c927-7ee4-40d7-a717-f487b727c03d",
	"created_at": "2026-04-06T01:28:54.069205Z",
	"updated_at": "2026-04-10T13:11:43.301801Z",
	"deleted_at": null,
	"sha1_hash": "4ba43b493d9985a24477337837eac309f91e89d7",
	"title": "Active Directory Certificate Services Overview",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47900,
	"plain_text": "Active Directory Certificate Services Overview\r\nBy Archiveddocs\r\nArchived: 2026-04-06 00:07:42 UTC\r\nApplies To: Windows Server 2012 R2, Windows Server 2012\r\nThis document provides an overview of Active Directory Certificate Services (AD CS) in Windows Server®\r\n2012. AD CS is the Server Role that allows you to build a public key infrastructure (PKI) and provide public key\r\ncryptography, digital certificates, and digital signature capabilities for your organization.\r\nDid you mean…\r\nActive Directory Domain Services Overview\r\nActive Directory Rights Management Services Overview\r\nActive Directory Federation Services Overview\r\nActive Directory Lightweight Directory Services Overview\r\nNote\r\nTo comment on this content or ask questions about the information presented here, please use our Feedback\r\nguidance.\r\nAD CS provides customizable services for issuing and managing digital certificates used in software security\r\nsystems that employ public key technologies.\r\nThe digital certificates that AD CS provides can be used to encrypt and digitally sign electronic documents and\r\nmessages. These digital certificates can be used for authentication of computer, user, or device accounts on a\r\nnetwork. Digital certificates are used to provide:\r\n1. Confidentiality through encryption\r\n2. Integrity through digital signatures\r\n3. Authentication by associating certificate keys with computer, user, or device accounts on a computer\r\nnetwork\r\nYou can use AD CS to enhance security by binding the identity of a person, device, or service to a corresponding\r\nprivate key. AD CS gives you a cost-effective, efficient, and secure way to manage the distribution and use of\r\ncertificates.\r\nhttps://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831740(v=ws.11)\r\nPage 1 of 3\n\nApplications supported by AD CS include Secure/Multipurpose Internet Mail Extensions (S/MIME), secure\r\nwireless networks, virtual private network (VPN), Internet Protocol security (IPsec), Encrypting File System\r\n(EFS), smart card logon, Secure Socket Layer/Transport Layer Security (SSL/TLS), and digital signatures.\r\nThere are multiple changes to AD CS in Windows Server 2012 and the What’s New in AD CS article\r\n(https://go.microsoft.com/fwlink/?LinkID=224385) describes these changes.\r\nThe installation of AD CS role services can be performed through the Server Manager. The following role services\r\ncan be installed:\r\nRole service Description\r\nCertification\r\nAuthority (CA)\r\nRoot and subordinate CAs are used to issue certificates to users, computers, and\r\nservices, and to manage certificate validity.\r\nWeb Enrollment\r\nCA Web enrollment allows users to connect to a CA by means of a Web browser in\r\norder to request certificates and retrieve certificate revocation lists (CRLs).\r\nOnline Responder\r\nThe Online Responder service decodes revocation status requests for specific\r\ncertificates, evaluates the status of these certificates, and sends back a signed response\r\ncontaining the requested certificate status information.\r\nNetwork Device\r\nEnrollment\r\nService\r\nThe Network Device Enrollment Service (NDES) allows routers and other network\r\ndevices that do not have domain accounts to obtain certificates.\r\nCertificate\r\nEnrollment Policy\r\nWeb Service\r\nThe Certificate Enrollment Policy Web Service enables users and computers to obtain\r\ncertificate enrollment policy information.\r\nCertificate\r\nEnrollment Web\r\nService\r\nThe Certificate Enrollment Web Service is an Active Directory Certificate Services\r\n(AD CS) role service that enables users and computers to perform certificate\r\nenrollment by using the HTTPS protocol. When used together, the Certificate\r\nEnrollment Web Service and the Certificate Enrollment Policy Web Service enable\r\npolicy-based certificate enrollment for\r\n- domain member computers not connected to the domain\r\n- computers that are not domain members\r\nThe following table provides additional resources for evaluating AD CS.\r\nContent type References\r\nProduct\r\nevaluation\r\n- Test Lab Guide: Deploying an AD CS Two Tier PKI Hierarchy\r\n- Test Lab Guide: Demonstrating Key-Based Renewal\r\nhttps://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831740(v=ws.11)\r\nPage 2 of 3\n\nContent type References\r\n- Test Lab Guide Mini-Module: Cross-Forest Certificate Enrollment using Certificate\r\nEnrollment Web Services\r\nCommunity\r\nresources\r\n- Community directory for documentation and information: Windows PKI\r\nDocumentation Reference and Library\r\n- Frequently asked questions (FAQs) list Active Directory Certificate Services (AD CS)\r\nPublic Key Infrastructure (PKI) Frequently Asked Questions (FAQ)\r\n- Support forum: Windows Server Security Forum\r\n- Product team blog: Windows PKI Blog\r\n- Support Team Blog: Ask the Directory Services team\r\n- Script repository: TechNet Script Center Repository search for Certification,\r\nCertificate, or PKI.\r\n- Community technology overview: Active Directory Certificate Services (AD CS)\r\nOverview\r\nRelated\r\ntechnologies\r\nActive Directory Domain Services\r\n Active Directory Rights Management Services\r\n Active Directory Federation Services\r\n Active Directory Lightweight Directory Services\r\nNote\r\nTo comment on this content or ask questions about the information presented here, please use our Feedback\r\nguidance.\r\nSource: https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831740(v=ws.11)\r\nhttps://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831740(v=ws.11)\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831740(v=ws.11)"
	],
	"report_names": [
		"hh831740(v=ws.11)"
	],
	"threat_actors": [],
	"ts_created_at": 1775438934,
	"ts_updated_at": 1775826703,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4ba43b493d9985a24477337837eac309f91e89d7.pdf",
		"text": "https://archive.orkl.eu/4ba43b493d9985a24477337837eac309f91e89d7.txt",
		"img": "https://archive.orkl.eu/4ba43b493d9985a24477337837eac309f91e89d7.jpg"
	}
}