A Microsoft BackOffice application for issuing and managing standard X.509 digital certificates. Microsoft Certificate Server, which is included with the Microsoft Windows NT Option Pack, and Microsoft Certificate Services, which is included in Windows 2000, enable network administrators to act as a certificate authority to issue, renew, manage, and revoke digital certificates for their enterprise without having to use the services of third-party certificate authorities.
Certificate Server is designed for networks that use Web-based applications and tools and require the security and reliability of the Secure Sockets Layer (SSL) protocol, Secure/Multipurpose Internet Mail Extensions (S/MIME), and Microsoft Authenticode software signing.
Certificate Services give network administrators full control over certificate policies and procedures, the format and content of certificates, and certificate management. It logs all certificate transactions, allowing administrators to track and audit certificate issuance, renewal, and revocation.
Certificate Server receives PKCS #10 certificate requests generated by other applications such as Key Manager from Internet Information Server (IIS) version 4. These certificate requests are submitted on behalf of an entity (individual, system, company, or organization) and include the entity’s identification information and public key. The Certificate Server administrator verifies the identity of the entity that issued the request and issues an X.509 digital certificate in PKCS #7 format to the entity if all appropriate criteria have been met.
Certificate Server runs as a Windows NT service. It is administered using a standard Web browser. You use Web-based tools to manage the two Certificate Server databases: Server Queue, which keeps a record of all certificate requests that have been received, and Server Log, which keeps copies of all certificates that have been issued.
Certificate Server is policy independent and can receive certificate requests through any transport medium, including Hypertext Transfer Protocol (HTTP), remote procedure calls (RPCs), floppy disks, and custom transport mechanisms. Certificate Server uses Microsoft CryptoAPI to ensure the security and privacy of confidential information.