For example, you might have a CSP
that knows how to digitally sign e-mail messages or authenticate your wireless LAN using
802.1x. Out of the box, Windows Server 2008 (in fact all Windows operating systems)
includes a predefined set of commonly used CSPs. Additional CSPs can be loaded at any
time to support cryptographic methods.
CERTIFICATE TEMPLATES
Certificate templates are a set of rules and settings that govern certificates and form the
basis for new certificates. For example, the template can be defined to allow the certificate
to be used only for IPSec communications or only for signing e-mails. You will also
need to define enrollment parameters such as whether automatic enrollment or web
enrollment will be allowed.
IMPORTANT You must carefully design certificate templates before they are deployed, including
considering a number of design options, such as enrollment parameters, ahead of time. Although
certificate templates can be modified after their creation, doing so may result in your having to
reissue updated certificates to replace old certificates that have already been issued using the prior
template.
A subject name is associated with each certificate using the template. The subject
name defines the holder of the private key. This can be a user, computer, program, or any
other object that can participate in certificate management. You must determine how the
subject name will be defined.
Pages:
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442