Finally, by default, Enterprise CAs either accept
or reject requests for certificates since they can quickly look up the criteria required to
complete the request. The CAs don??™t need to put the request in a pending state unless
you explicitly configure them to do so.
Stand-alone CAs
While Enterprise CAs are heavily focused on providing certificate services for inside the
organization and being able to cater to the automatic issuance of certificates, a Stand-alone
CA is typically deployed to issue certificates to outside entities. Stand-alone CAs do not
require AD since, for the most part, the CAs will be processing requests for individuals or
systems that are outside of your management scope. All incoming certificate requests to
a Stand-alone CA are marked as pending until such time that an administrator can verify
406 Microsoft Windows Server 2008 Administration
the information and make the appropriate decision either to approve or reject the request.
Since there is no integration with AD, the generated certificate must be distributed manually
and loaded onto the user??™s certificate store. Certificates issued by Stand-alone CAs
cannot be used to authenticate and log on to your systems using smart cards.
CRYPTOGRAPHIC SERVICE PROVIDERS
Cryptographic service providers (CSPs) are a set of hardware or software components
used to implement a specific cryptographic function.
Pages:
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441