About the integration
This guide describes how to enable HSM integration with Microsoft Active Directory Certificate Services (AD CS), including installation and set-up of the Microsoft CA and integration with the Online Certificate Status Protocol (OCSP).
For more detailed information regarding Microsoft Active Directory Certificate Services and the Online Certificate Status Protocol, please refer to the documentation provided by Microsoft.
Microsoft Active Directory Certificate Services
A Microsoft Active Directory Certification Authority is responsible for attesting to the identity of users, computers, and organizations. The CA authenticates an entity and vouches for that identity by issuing a digitally signed certificate. The CA can also manage, revoke, and renew certificates. The CA can be public or private. A public CA provides certification services, typically for a fee, to the public over the Internet. A private CA provides this service to the members of a delimited population, such as the employees of a business or members of some other private group. If the security of the generated keys and certificates needs to be enhanced, the Microsoft Active Directory Certification Authority needs to be configured to use a Hardware Security Module (HSM). Enabling the HSM with the Microsoft Active Directory Certification Authority strengthens the protection of keys and certificates.
Online Certificate Status Protocol
The Online Certificate Status Protocol is an Internet protocol used by certificate authorities to check the revocation status of specific digital certificates. The Online Responder Service is the Microsoft Windows service component responsible for managing the configuration of the OCSP responder, retrieving revocation information from revocation providers, signing responses, and auditing changes to the configuration of the OCSP responder. Both OCSP and the CA use the Utimaco HSM for operations such as key generation, certificate signing, and CRL signing, and for protecting their private keys.
UTIMACO CryptoServer HSM
CryptoServer is a hardware security module developed by UTIMACO IS GmbH. CryptoServer is a physically protected specialized computer unit designed to perform sensitive cryptographic tasks and to securely manage as well as store cryptographic keys and data. It can be used as a universal, independent security component for heterogeneous computer systems.