Pro Active Directory Certificate Services: Creating and Managing Digital Certificates for Use in Microsoft Networks Год издания: 2022 Автор: Lawrence E. Hughes Переводчик: Active Directory Certificate Services Жанр или тематика: Active directory sertificate Издательство: Apress ISBN: 978-1-4842-7486-6 Язык: Английский Формат: PDF Качество: Издательский макет или текст (eBook) Интерактивное оглавление: Да Количество страниц: 462 Описание: Pro Active Directory Certificate Services Creating and Managing Digital Certificates for Use in Microsoft Networks In order to deploy and use Microsoft Certificate Services, you need to understand the fundamentals of cryptography, digital signatures, encryption, TLS, and S/MIME. It is also important to understand the concepts behind public key infrastructure (PKI). This book teaches you all the required background knowledge you need. Then it takes you deeper, step by step, teaching you how to deploy Certificate Services and configure it to issue various digital certificate types, complete with examples of using these certificates with IIS, Outlook, and Windows. Microsoft-based networks—on-premises, hybrid, and cloud-based networks—are used in companies of all sizes. Within them, there are many applications of digital certificates that can be created and managed by Microsoft Certificate Services. As security is more important than ever, and cryptography and PKI are fundamental to so many of these defenses, understanding Microsoft Certificate Services is becoming an increasingly more desirable skill. Most IT workers don’t realize the many uses and purposes of Certificate Services, especially within a corporate or government agency network, and how tightly integrated they are with the Microsoft Windows Domain style of networks and Active Directory (on-premises or cloud-based, including Azure, AWS, and Google Cloud Services). This book will teach you the gamut. You will appreciate the learning approach presented in the book, beginning with the basics (cryptographic primitives such as encryption and message digests), getting into combinations of primitives to accomplish specific things (such as digital signatures and envelopes), and then trying real-word systems based on digital certificates and PKI (such as TLS, S/MIME secure email, cryptographic authentication, and more). The book wraps it all up and teaches you how to deploy Certificate Services and issue the various types of certificates, including how they are used. What You Will Learn - Understand basic cryptography (symmetric and asymmetric key encryption, message digests, and digital signatures and envelopes) - Know how TLS, S/MIME, and cryptographic authentication work - Discover applications of cryptography related to secure servers with TLS and cryptographic (passwordless) authentication to online services including Windows and secure email - Get to know the common types of digital certificates, how to create and manage them, and examples of their use with IIS, Outlook, etc. - This book is for Microsoft system and network engineers, security engineers, and CISOs. Readers should have familiarity with Windows Server 2019 (or more recent) and Active Directory
Примеры страниц
Оглавление
About the Author About the Technical Reviewers Acknowledgments Introduction Part I: Foundations in Cryptography, Digital Certificates, and PKI Chapter 1: Basic Cryptography: Symmetric Key Encryption Symmetric Key vs. Asymmetric Key Encryption Key Management Symmetric Key Encryption Introducing Alice and Bob Key Management with Symmetric Key Encryption Common Symmetric Key Cryptographic Algorithms Strength of Symmetric Key Algorithms Based on Key Length Encryption Modes Example of Symmetric Key Cryptography Chapter 2: Basic Cryptography: Hash Function Characteristics of a Good Message Digest Algorithm Conceptual Representations Primary Uses Chapter 3: Basic Cryptography: Asymmetric Key Encryption Comparing Asymmetric Key to Symmetric Key Common Asymmetric Key Algorithms Conceptual Model Cryptographic Algorithm Performance Crypto Challenge Demo Chapter 4: Digital Signature and Digital Envelope Digital Signature Creating a Digital Signature Validating a Digital Signature Uses of Digital Signatures Digital Envelope Creating the Digital Envelope Need for Recipient Certificates Opening the Digital Envelope: Chapter 5: X.509 Digital Certificate Certificate Trustworthiness Subject Distinguished Name Sources of Digital Certificates Sources of TLS Server (SSL) Certificates Sources of TLS Client Certificates and S/MIME Certificates The Windows Certificate Store A Tour of a Digital Certificate’s Contents S/MIME Certificates for Microsoft Outlook A Word on Let’s Encrypt Chapter 6: PKCS #10 Certificate-Signing Request (CSR) Chapter 7: Certificate Revocation and Renewal Certificate Renewal Certificate Revocation Certificate Revocation List (CRL) OCSP (Online Certificate Status Protocol) Supporting Certificate Revocation on Your Own CA Chapter 8: Key Management Symmetric Key Management Asymmetric Key Management Public Key Management Private Key Management Key Backup and Recovery vs. Key Escrow Chapter 9: Certificate Management Protocols CMP (Certificate Management Protocol) CMC (Certificate Management over CMS) SCEP (Simple Certificate Enrollment Protocol) EST (Enrollment over Secure Transport) ACME (Automated Certificate Management Environment) IRP (Identity Registration Protocol) Example of Certificate Request and Retrieval Using IRP CSRs (Create/Manage CSR) CSRs (Reassociate Cert) Chapter 10: Public Key Infrastructure (PKI) Trust Chains SixWallet Certificate Status Chapter 11: SSL and TLS Implicit TLS vs. Explicit TLS TLS with Other Protocols (in Addition to HTTP) Securing FTP with TLS Strong Client Authentication with a TLS Client Certificate During the TLS Handshake TLS Cryptosuites TLS Only Secures One Client/Server Network Link The Splintered IPv4 Internet (Public vs. Private Addresses) IPv4 Address Exhaustion PeerTLS Chapter 12: S/MIME Secure Email MIME S/MIME – MIME with Security S/MIME Implementations S/MIME Digital Certificates Public vs. Private Certificate Hierarchies Example: Signed Message Example: Encrypted Message Example: Signed and Encrypted Message Installing an S/MIME Certificate in Microsoft Outlook S/MIME with Applications Other Than Email Part II: Deploying and Using Active Directory Certificate Services Chapter 13: Deploy Microsoft Certificate Services Two-Level Hierarchy Three-Level Hierarchy Deploy Root CA Add Active Directory Certificate Services Role Deploy Subordinate CA for Intermediate and End-Entity Certificates Add Active Directory Certificate Services Role PKIView Chapter 14: Issue and Manage TLS Server Certificates Set Up Templates for Root CA Prepare for Issuing TLS Server Certs Request and Issue a TLS Server Certificate Using mmc.exe Install Server Cert in Internet Information Server Manage Subordinate CA Check CA Health in PKIView Force Publication of a New CRL Install OCSP Responder Chapter 15: Issue and Manage TLS Client Certificates Create TLS Client Certificate Set Up Template for TLS Client Certificate Prepare for Issuing TLS Client Certificates Request and Obtain a TLS Client Certificate Using mmc.exe Test TLS Client Certificate for SCA with PKIEduRootCA PeerTLS Chapter 16: Issue and Manage S/MIME Secure Email Certificates Issuing S/MIME Digital Certificates with Microsoft AD CS Create Template for S/MIME Certificate Prepare for Issuing S/MIME Certificates Request and Obtain an S/MIME Certificate Using mmc.exe Test Your New S/MIME Certificate Create a Digitally Signed Email Send a Digitally Enveloped Message Chapter 17: Issue and Manage Windows Logon Certificates Configure Active Directory Certificate Services to Issue Windows Logon Certificates Create Template for Windows Logon Certificate Prepare for Issuing Windows Logon Certificates Request and Obtain a Windows Logon Certificate Using mmc.exe Logging into Windows with a Windows Logon Certificate Appendix: Relevant Standards PKCS – Public Key Cryptography Standards PKCS #1 – RSA Cryptography Standard PKCS #2 – RSA Encryption of Message Digests (Withdrawn) PKCS #3 – Diffie-Hellman Key Agreement PKCS #4 – RSA Key Syntax (Withdrawn) PKCS #5 – Password-Based Encryption Standard PKCS #6 – Extended-Certificate Syntax Standard (Obsoleted by X.509 v3) PKCS #7 Cryptographic Message Syntax Standard PKCS #8 – Private-Key Information Syntax Standard PKCS #9 – Selected Attribute Types PKCS #10: Certification Request Standard PKCS #11 – Cryptographic Token Interface (Cryptoki) PKCS #12 – Personal Information Exchange Syntax Standard Internet Request for Comments (RFCs) Federal Information Processing Standards (FIPS) Index
Доп. информация: as is
[only-soft.org].t160606.torrent
Торрент:
Зарегистрирован
[ 2022-03-21 23:10 ]
20 KB
Статус:
√проверено
Скачан:
3 раз
Размер:
32 MB
Оценка:
(Голосов: 0)
Поблагодарили:
0
Lawrence E. Hughes - Pro Active Directory Certificate Services [2022, PDF, ENG] скачать торрент бесплатно и без регистрации
Вы не можете начинать темы Вы не можете отвечать на сообщения Вы не можете редактировать свои сообщения Вы не можете удалять свои сообщения Вы не можете голосовать в опросах Вы не можете прикреплять файлы к сообщениям Вы можете скачивать файлы