Overview of audit events generated by the Certification Authority

The following is an overview of the audit events generated by the certification authority in the Windows Event Viewer.

In contrast to operational events, which are usually grouped under the term "monitoring", auditing for the certification authority means configuring the logging of security-relevant events.

Continue reading „Overview of audit events generated by the certification authority“

Login via smart card using Remote Desktop (RDP) fails with error message "The requested key container does not exist on the smart card."

Assume the following scenario:

  • A user logs on to a remote desktop system using the smart card logon function.
  • The user uses a Yubico Yubikey as a smart card. The required middleware is installed on both the local and the remote system.
  • The login fails with the following error message:
    The system could not log you on. The requested key container does not exist on the smart card.
Continue reading „Smart card logon via Remote Desktop (RDP) fails with the error message "The requested key container does not exist on the smart card."“

Overview of Windows events generated by the Certificate Enrollment Policy (CEP) service

The following is an overview of the events generated by the Certificate Enrollment Policy (CEP) service in the Windows Event Viewer.

The events of the Certificate Enrollment Policy (CEP) service are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.

Continue reading „Overview of Windows events generated by the Certificate Enrollment Policy (CEP) service“

Overview of Windows events generated by the Certificate Enrollment Web Service (CES)

The following is an overview of the events generated by the Certificate Enrollment Web Service (CES) in the Windows Event Viewer.

The events of the Certificate Enrollment Web Service are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.

Continue reading „Overview of Windows events generated by the Certificate Enrollment Web Service (CES)“

Overview of Windows events generated by the Network Device Enrollment Service (NDES)

The following is an overview of the events generated by the Network Device Enrollment Service (NDES) in the Windows Event Viewer.

The events of the Network Device Enrollment Service are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.

Continue reading „Overview of Windows events generated by the Network Device Enrollment Service (NDES)“

Overview of Windows events generated by the online responder (OCSP)

The following is an overview of the events generated by the online responder (OCSP) in the Windows Event Viewer.

The events of the online responder are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.

Continue reading „Overview of Windows events generated by the online responder (OCSP)“

Combining the online responder (OCSP) with a delta CRL and a CRL distribution point (CDP) without a delta CRL for increased resilience

OCSP responses from a Microsoft OCSP responder are valid for exactly as long as the underlying revocation list. In some scenarios, you may want to shorten OCSP validity times by using delta CRLs. At the same time, however, the revocation lists published at the CDP paths should not use a delta CRL, so that clients can fall back to a CRL with a longer validity.

Continue reading „Combining the online responder (OCSP) with a delta CRL and a CRL distribution point (CDP) without a delta CRL for increased resilience“

Effects of the failure of the online responder (OCSP) on the verification of the revocation status of a certificate

The following section examines how the revocation status check behaves if the online responder fails. Depending on the configuration of the issued certificates, the behavior can vary considerably.

Continue reading „Effects of the failure of the online responder (OCSP) on the verification of the revocation status of a certificate“

Performing a functional test for the Network Device Enrollment Service (NDES)

After installing a Network Device Enrollment Service (NDES), or after more extensive maintenance, an extensive functional test should be performed to ensure that all components are operating as desired.

Continue reading „Performing a functional test for the Network Device Enrollment Service (NDES)“

Configuring the Network Device Enrollment Service (NDES) for use with an alias

The following describes the steps required to configure the Network Device Enrollment Service (NDES) for use with an alias.

The term alias means that the service is not addressed by the name of the server on which it is installed, but by a generic name that is independent of the server name. Using an alias allows the service to be moved to another system at a later time without having to inform all participants of a new address.

Continue reading „Configuring the Network Device Enrollment Service (NDES) for use with an alias“

Configuring the certificate authority to a static port (RPC endpoint)

In the default configuration, the certificate authority's certificate request interface is configured to negotiate dynamic ports for the incoming RPC/DCOM connections (for more details, see the article "Firewall rules required for Active Directory Certificate Services").

Network protocol   Destination port   Protocol
TCP                135                RPC Endpoint Mapper
TCP                49152-65535        RPC dynamic ports

This configuration is not feasible in every enterprise environment. Often there are restrictive firewall rules that do not allow the use of dynamic network ports.

In such a case, the certificate authority must be configured to a static port.

Continue reading „Configuring the certificate authority to a static port (RPC endpoint)“

Querying the configured RPC endpoints of a certification authority

In the default configuration, the certificate authority's certificate request interface is configured to negotiate dynamic ports for the incoming RPC/DCOM connections (for more details, see the article "Firewall rules required for Active Directory Certificate Services").

However, it is also possible to configure the certificate authority to a static port (see the article "Configuring the certificate authority to a static port (RPC endpoint)").

The following describes how to check the current configuration of the certification authority.

Continue reading „Querying the configured RPC endpoints of a certification authority“

Classification of ADCS components in the Administrative Tiering Model

If the administrative tiering model is implemented for the Active Directory directory service in addition to the Active Directory Certificate Services, the question arises of how the individual PKI components should be assigned to this model so that targeted security hardening can be performed.

Continue reading „Classification of ADCS components in the Administrative Tiering Model“