ADCS Architecture, Deployment and Consulting
• ADCS Architecture, Deployment and Consulting
• PKI Assessment and Remediation Services
• In-Depth PKI Training
• Retainer and Support Services
• Certutil.exe -setreg chain\ChainCacheResyncFiletime @now
• Certutil.exe -URLcache * delete
[Diagram: timeline of CA keys and OCSP certificates. Labels: CA Key 1 Created; OCSP Cert 1; Client Cert 1; Client Cert 2; OCSP Cert 2; CA Key 2 Created; CA Key 1 Expiration; OCSP Cert 3; "OCSP: Client Cert 1?"; CA Key 2 Expiration; OCSP Cert 4; "OCSP: Client Cert 3?"]
• Releasing Soon!
[Diagram: network layout. Labels: Client Devices; Offline Root CA; Exterior Firewall; Interior Firewall; Domain Controllers; Issuing CA; Internal Network; Isolated Network/DMZ; NDES]
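[Diagram: certificate validity periods. Labels: Root CA, 10 Years; Enterprise CA, 5 Years; Device Cert, 2 Years]
[Diagram: certificate validity periods. Labels: Root CA, 10 Years; Enterprise CA, 5 Years; Device Cert, 2 Years, 2 Years, 1 Year]
[Diagram: certificate validity periods. Labels: Root CA, 10 Years; Enterprise CA, 5 Years; Device Cert, 2 Years, 2 Years; 2.5 Years, 2.5 Years; Same Key Renewal; New Key Renewal; 2 Years]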
http://technet.microsoft.com/library/dn765472.aspx
http://azure.microsoft.com/en-us/
http://technet.microsoft.com/en-us/library/hh546785.aspx
http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack
www.microsoft.com/learning
http://developer.microsoft.com
http://microsoft.com/technet
http://channel9.msdn.com/Events/TechEd