Chapter 2-05 – Chapter 17: Issue and Manage Windows Logon Certificates
Chapter 18: Appendix A: Relevant Standards.
Lawrence E. Hughes is a renowned expert in cryptography and PKI. He previously worked at VeriSign and co-founded and was CTO at CipherTrust (a secure email proxy appliance). He also was employed at Sixscape Communications in Singapore where he was responsible for creating much of their technology. Lawrence founded the US-based company PKIEdu Inc. (Public Key Infrastructure Education) to conduct training and consulting in the area of PKI. He created and taught the courseware at VeriSign (the first leading company in the PKI space) and presented it internationally to affiliates and large customers. He is a security author and was heavily involved in the deployment of several national certification authorities in the UK, Netherlands, and Australia.
In order to deploy and use Microsoft Certificate Services, you need to understand the fundamentals of cryptography, digital signatures, encryption, TLS, and S/MIME. It is also important to understand the concepts behind public key infrastructure (PKI). This book teaches you all the required background knowledge you need. Then it takes you deeper, step by step, teaching you how to deploy Certificate Services and configure it to issue various digital certificate types, complete with examples of using these certificates with IIS, Outlook, and Windows.
Microsoft-based networks—on-premises, hybrid, and cloud-based networks—are used in companies of all sizes. Within them, there are many applications of digital certificates that can be created and managed by Microsoft Certificate Services. As security is more important than ever, and cryptography and PKI are fundamental to so many of these defenses, understanding Microsoft Certificate Services is becoming an increasingly more desirable skill.
Most IT workers don’t realize the many uses and purposes of Certificate Services, especially within a corporate or government agency network, and how tightly integrated they are with the Microsoft Windows Domain style of networks and Active Directory (on-premises or cloud-based, including Azure, AWS, and Google Cloud Services). This book will teach you the gamut.
You will appreciate the learning approach presented in the book, beginning with the basics (cryptographic primitives such as encryption and message digests), getting into combinations of primitives to accomplish specific things (such as digital signatures and envelopes), and then trying real-word systems based on digital certificates and PKI (such as TLS, S/MIME secure email, cryptographic authentication, and more). The book wraps it all up and teaches you how to deploy Certificate Services and issue the various types of certificates, including how they are used.
What You Will Learn
Understand basic cryptography (symmetric and asymmetric key encryption, message digests, and digital signatures and envelopes)
Know how TLS, S/MIME, and cryptographic authentication work
Discover applications of cryptography related to secure servers with TLS and cryptographic (passwordless) authentication to online services including Windows and secure email
Get to know the common types of digital certificates, how to create and manage them, and examples of their use with IIS, Outlook, etc.
This book is for Microsoft system and network engineers, security engineers, and CISOs. Readers should have familiarity with Windows Server 2019 (or more recent) and Active Directory.
Lawrence E. Hughes is a renowned expert in cryptography and PKI. He previously worked at VeriSign and co-founded and was CTO at CipherTrust (a secure email proxy appliance). He also was employed at Sixscape Communications in Singapore where he was responsible for creating much of their technology. Lawrence founded the US-based company PKIEdu Inc. (Public Key Infrastructure Education) to conduct training and consulting in the area of PKI. He created and taught the courseware at VeriSign (the first leading company in the PKI space) and presented it internationally to affiliates and large customers. He is a security author and was heavily involved in the deployment of several national certification authorities in the UK, Netherlands, and Australia.