Microsoft ADCS and OCSP with UTIMACO SecurityServer

About the integration


This guide describes how to integrate an HSM with Microsoft Active Directory Certificate Services (AD CS), including installation and setup of the Microsoft CA and integration with the Online Certificate Status Protocol (OCSP).
 

For more detailed information regarding Microsoft Active Directory Certificate Services and the Online Certificate Status Protocol, please refer to the documentation provided by Microsoft.

Microsoft Active Directory Certificate Services

A Microsoft Active Directory Certification Authority (CA) is responsible for attesting to the identity of users, computers, and organizations. The CA authenticates an entity and vouches for that identity by issuing a digitally signed certificate. The CA can also manage, revoke, and renew certificates. A CA can be public or private. A public CA provides certification services, typically for a fee, to the public over the Internet. A private CA provides this service to the members of a delimited population, such as the employees of a business or members of some other private group. If the security of the generated keys and certificates needs to be enhanced, the Microsoft Active Directory Certification Authority needs to be configured to use a Hardware Security Module (HSM). Enabling the HSM with the Microsoft Active Directory Certification Authority strengthens the protection of keys and certificates.

 

Online Certificate Status Protocol

Online Certificate Status Protocol (OCSP) is an Internet protocol used by certificate authorities to check the revocation status of specific digital certificates. The Online Responder service is the Microsoft Windows service responsible for managing the configuration of the OCSP responder by retrieving revocation information from revocation providers, signing responses, and auditing changes to the configuration of the OCSP responder. Both the OCSP responder and the CA use the Utimaco HSM for operations such as key generation, certificate signing, and CRL signing, and for protecting their private keys.

 

UTIMACO CryptoServer HSM

CryptoServer is a hardware security module developed by UTIMACO IS GmbH. CryptoServer is a physically protected specialized computer unit designed to perform sensitive cryptographic tasks and to securely manage as well as store cryptographic keys and data. It can be used as a universal, independent security component for heterogeneous computer systems.

 
