Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Microsoft CA

Microsoft Certificate Authority is a collection of interconnected components working together to provide security services, such as encryption, authentication, and digital signatures. Microsoft CA uses asymmetric keys rather than symmetric keys for this purpose. Using multiple keys, one public and one private, provides multiple benefits over symmetric key technologies. These benefits include scalability and a reduction in key management and distribution efforts. Regardless of whether the keys are used for encryption or digital signature, the private key does not need to be distributed outside of the user’s control. The public key, on the other hand, is meant to be distributed. Digital certificates provide a mechanism for distribution of public keys and identify the entity with which they are associated.

The premise of Microsoft CA is trust in a common root certificate. An internally built CA (such as one within an enterprise) offers ubiquitous trust within the confines of that enterprise. Third-party CA service providers extend that ubiquity across the Internet, establishing trust between entities that would otherwise have no trust relationship.

Microsoft Active Directory Certificate Services (AD CS) in Windows Server 2003/2008 provides customizable services for creating and managing public key infrastructure (PKI) certificates. You can use AD CS to enhance and implement security by binding the identity of a person, device, computer or service to a corresponding private key. AD CS also includes features that allow you to manage certificate enrollment and, when necessary, revocation. Applications supported by AD CS include Secure/Multipurpose Internet Mail Extensions (S/MIME), secure wireless networks, virtual private networks (VPN), Internet Protocol security (IPsec), Encrypting File System (EFS), smart card logon, Secure Sockets Layer/Transport Layer Security (SSL/TLS), and digital signatures.


Features in AD CS

By using Start -> Administrative Tools -> Server Manager in Windows Server 2008, you can set up the following components of AD CS:

Certification Authorities (CA). Root and subordinate CAs are used to issue certificates to users, computers, and services, and to manage certificate validity.

Web Enrollment. Web enrollment (http://servername/certsrv) allows users to connect to a CA by means of a Web browser in order to request certificates.

Online Responder. The Online Responder service decodes revocation status requests for specific certificates, evaluates the status of these certificates, and sends back a signed response containing the requested certificate status information.

Network Device Enrollment Service. The Network Device Enrollment Service allows routers and other network devices that do not have domain accounts to obtain certificates.



What’s new in Windows Server 2003/2008 AD CS:

Improved enrollment capabilities that enable delegated enrollment agents to be assigned on a per-template basis.

Integrated Simple Certificate Enrollment Protocol (SCEP) enrollment services for issuing certificates to network devices, users, Web applications and others.

Scalable, high-speed revocation status response services combining both CRLs and integrated Online Responder services.
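To confirm that the CRL and Online Responder services described above actually answer for a certificate the CA has issued, here is an added PowerShell example (not from the original page) that builds the certificate's chain with online revocation checking through .NET's X509Chain class and reports what each element returned. It assumes the certificate is in the current user's Personal store; the thumbprint value is a placeholder.

```powershell
# Added example, not part of the original page: check chain validity and
# revocation status of an issued certificate against the CA's CRL / OCSP
# (Online Responder) endpoints, as a client would.
# Assumption: the certificate lives in Cert:\CurrentUser\My; replace the
# placeholder thumbprint with the real one.
param(
    [string]$Thumbprint = 'PLACEHOLDER_THUMBPRINT'
)

$cert = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate with thumbprint $Thumbprint not found" }

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

# Online: fetch the CRL or query the OCSP responder named in the certificate's
# CDP / AIA extensions instead of relying only on cached revocation data.
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
# Check every certificate in the chain, not only the end-entity certificate.
$chain.ChainPolicy.RevocationFlag =
    [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

$built = $chain.Build($cert)
"Chain valid: $built"

# Print each element's subject and any status flags reported for it.
foreach ($element in $chain.ChainElements) {
    "  {0}" -f $element.Certificate.Subject
    foreach ($status in $element.ChainElementStatus) {
        "    {0}: {1}" -f $status.Status, $status.StatusInformation.Trim()
    }
}

# Revoked is an explicit failure; RevocationStatusUnknown / OfflineRevocation
# mean no responder or CRL could be reached, which a client should also treat
# as a failure rather than silently accepting the certificate.
$revocationProblems = $chain.ChainStatus |
    Where-Object { $_.Status -match 'Revoked|RevocationStatusUnknown|OfflineRevocation' }
if ($revocationProblems) { "Revocation check FAILED" } else { "Revocation check passed" }
```

The built-in `certutil -urlfetch -verify <certificate file>` performs a similar check and additionally lists each CRL and OCSP URL it contacted, which is useful when diagnosing which endpoint is unreachable.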

Installation Screen Shot