[{"id":"ci_ebf737b8a89911db9673d52027bd7c309c1c32b2480f1d370106ed09bac39fe8","title":"Version Information and PDF Download","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/version-information-and-pdf-download","children":[]},{"id":"ci_ac6bfea76d9a9d2a3ba0717b456c09968d2d9e35e34b5a37ce5a92cf540742b7","title":"Introduction","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/introduction","children":[{"id":"ci_d426e549d66b7ee3829298f370459b976a795ea6b1c152c39e6dfbfa4aa6bea0","title":"About This Guide","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/about-this-guide","children":[]},{"id":"ci_29f06740a235bf40bac12aeda177fc74607f2f62e8c15e5c908c3ba4470b1683","title":"Target Audience","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/target-audience","children":[]},{"id":"ci_b4c7a5ed9ae93a096744df3de15ca1d22447e493b78d61a451ccf980ff957090","title":"Document Conventions","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/document-conventions","children":[]},{"id":"ci_868a2c4d0d96c68bda6c2ca7abd9e5e2d62d96dfd5e4f6fcbab2bbce10d82521","title":"Abbreviations","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/abbreviations","children":[]}]},{"id":"ci_30a2e007dac1181b40cb51031db6cdcce708f229542b0b79a2046e0a3990c047","title":"Overview","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/overview","children":[{"id":"ci_52ec7a4d714d033c0376f39851ed250861cd2e8e4226bcea081d11db3c3bc185","title":"Microsoft Active Directory Certificate Services","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/microsoft-active-directory-certificate-services","children":[]},{"id":"ci_b882c9d0f6ed6c83bd784dc5b600eb43f99ab781f6c8516965bbede7a8614403","title":"Online Certificate Service Protocol","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/online-certificate-service-protocol","children":[]},{"id":"ci_929676c6fefffff79214032cdc51097f7ed0dc066432dfe62f3226afc80e9111","title":"Utimaco CryptoServer HSM","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/utimaco-cryptoserver-hsm","children":[]}]},{"id":"ci_ccc827f341857480aa3893ef6814b84ca5f2013e7e75eafbbcf6805fa1ee4601","title":"Integration Requirements and Prerequisites","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/integration-requirements-and-prerequisites","children":[{"id":"ci_de706c0d795a8040a4b46ab162f2e7c9f743c883c027373aac25f3baeee90743","title":"Tested Versions","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/tested-versions","children":[]},{"id":"ci_9d08cf3e85b1cec43c6965961bf47235b7c85dd96a5d74b68fabdca3dcaa3cec","title":"Hardware and Software Requirements","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/hardware-and-software-requirements","children":[]},{"id":"ci_9771237bdd2e240642fcab71914a286aa5f598aade487c35a518fde59437d048","title":"Prerequisites","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/prerequisites","children":[]}]},{"id":"ci_e168264fb86580fbcff579c07924deada4d51009fdf14d82ff2d2dc65bda4b65","title":"Software Download and Installation","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/software-download-and-installation","children":[{"id":"ci_503560bda7c23eb1c1faa6bea24578aed35bcdceb10a112386a008996e212c35","title":"Download Utimaco Software","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/download-utimaco-software","children":[]}]},{"id":"ci_518bfc7997ff70ef6f5bd91ce4803b3a09bcfee101006b229f302e5081a29a72","title":"Configuring the CSP-CNG Provider","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/configuring-the-csp-cng-provider","children":[{"id":"ci_e84fba11173bada5242d50787af3cff46e181d94df14992990fb3b76902cf0c6","title":"Introduction and Prerequisites","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/introduction-and-prerequisites","children":[]},{"id":"ci_b912759ac876faf5933f1dee4e528c76b55a5850031c02a254d423d67bfb0646","title":"Creating HSM Users","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/creating-hsm-users","children":[{"id":"ci_24790d90349f5e7fb125bd98a38d2831feba4db4bf818a419761b5ba785f8ea9","title":"Creating a Key Manager User","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/creating-a-key-manager-user","children":[]},{"id":"ci_2dbd5b98265b0c680a5d1357003a4be28f15574ab94f2cd558a33afe277f9a21","title":"Creating a Crypto User","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/creating-a-crypto-user","children":[]}]},{"id":"ci_6cdb5c540a416db4daeb316c1e94e686dd1a70a356a3d45d49a9a429fda348e6","title":"Setting up the CSP/CNG Provider","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/setting-up-the-csp-cng-provider","children":[{"id":"ci_1e7c7a94935808393911ac899af5e244dee768f1d3ebb09d4bd86e2da3ed09c5","title":"Testing Connection","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/testing-connection","children":[]}]}]},{"id":"ci_4d4b2abd6a78a25f26bce32c4d5d567632adeb16c247029f00097a754b93c85c","title":"Installing Microsoft AD CS with Windows Enterprise","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/installing-microsoft-ad-cs-with-windows-enterprise","children":[{"id":"ci_beb65eea067505fa766f43f425fe8ca893c01f326905c4bdbe91758c98dfffa0","title":"Installing and Configuring the AD CS","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/installing-and-configuring-the-ad-cs","children":[]},{"id":"ci_2cd1b5d8c6f2a7e4c65d2795f74574273371cda93cf74b168a213f382d500246","title":"Testing the AD CS","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/testing-the-ad-cs","children":[]}]},{"id":"ci_4c3c7b43a00c14d4577b3031c7aad74f4579784f913b43aa692e796f107eaf01","title":"Install and Configure AD CS with Windows Server Core","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/install-and-configure-ad-cs-with-windows-server-co","children":[]},{"id":"ci_b16c265d78efc1c917b8d1bff74e4d0537978f069a46b16cada5edba6426e7fd","title":"Configuring the Auto-Enrollment Group Policy for a Domain","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/configuring-the-auto-enrollment-group-policy-for-a","children":[]},{"id":"ci_a51b1129ec3491e8eb02dfc61bb66a212a3dab8bcd0770c55b3d9e55ed10aeb7","title":"Configuring the Certificate Enrollment to use CA templates on the AD CS Server","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/configuring-the-certificate-enrollment-to-use-ca-t","children":[]},{"id":"ci_a799e03c7a26dbfdb11a5cdec61105f40f0e8e29816e7987890903101fb4ee90","title":"Private Key Archiving and Recovery","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/private-key-archiving-and-recovery","children":[{"id":"ci_d44cb2bf0c63575d2aac093bdade45a8e57a78654a703dea3e29a103d964b368","title":"Archive the CA Key","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/archive-the-ca-key","children":[{"id":"ci_4ad0606182569da49de30018970bfdf7035cea9eaa30f55a07736cbf07118a6b","title":"Archiving Process","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/archiving-process","children":[]},{"id":"ci_cfcc21903f5518a6336d535271fb43eccf9248d15ccf04cb8613a4a7ef0a5371","title":"Add a Key Recovery Agent (KRA) template to CA","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/add-a-key-recovery-agent-kra-template-to-ca","children":[]},{"id":"ci_e6e5d7a47ac38310c075ed7c7edaa9979270dafb0847c155f5912585290abcc2","title":"Issue the Key Recovery Agent Certificate","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/issue-the-key-recovery-agent-certificate","children":[]},{"id":"ci_48a75b965981753bd6547f972daa987fa7966bb18fe43d76ebbccc4580e3080c","title":"Issue the KRA Certificate","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/issue-the-kra-certificate","children":[]},{"id":"ci_d8583755f458b375aad2eef30bb61d4c449d8897c236714a854f915f240559a9","title":"Retrieve the issued certificate from CA","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/retrieve-the-issued-certificate-from-ca","children":[]},{"id":"ci_202f306c2849bbf77331f92c3ec1f91c9fc949ae9252e61983f0397dcc02a55c","title":"Configure the CA to support Key Archival","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/configure-the-ca-to-support-key-archival","children":[]},{"id":"ci_01602441ffa8f2378c66aecdabf98d2c7822270d5a38c5562eeaea017022b877","title":"Create a Template with Key Archival Enabled","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/create-a-template-with-key-archival-enabled","children":[]},{"id":"ci_216b0c5d6e128181f163502266d2472eb8ff2c79165b9a356fddddc910036c76","title":"Add a new Template to CA for Issuing","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/add-a-new-template-to-ca-for-issuing","children":[]},{"id":"ci_31d3ab97dd771111d765e476045783198f82b266f2662d8f1120d8318ea9e910","title":"Issue a user template with key archival enabled","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/issue-a-user-template-with-key-archival-enabled","children":[]}]},{"id":"ci_96fc139c241dd2391efb14447808054a220e1d0bee282eca6e301955df92c456","title":"Perform Key Recovery","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/perform-key-recovery","children":[]}]},{"id":"ci_bfb6691e220658c3e8ccf6eb51c2043b8b4e5827612b87f6519b3a701261ae49","title":"Migrating the Microsoft Software Key of AD CS to Utimaco HSM","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/migrating-the-microsoft-software-key-of-ad-cs-to-u","children":[{"id":"ci_649f4e2ed3a51bf75cb82e7bc3269c67d715803bdbb6246396420134b33d2dcc","title":"Installing AD CS with Locally Stored Primary Key","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/installing-ad-cs-with-locally-stored-primary-key","children":[]},{"id":"ci_2fa09f094fc08ef81255ee8a2568019a403820263246da4d72c39bf8c7c202eb","title":"Create a Backup of CA Database","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/create-a-backup-of-ca-database","children":[]},{"id":"ci_f2157af370d0421ff3c79d628b8a1e6f9c540139a12476d84ed3b57cec99ebaa","title":"Importing Private Key to HSM","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/importing-private-key-to-hsm","children":[]},{"id":"ci_c580897360c428c840fe76c500734533e76cfef343b5bbc72f8a7b02fad38ebc","title":"Synchronizing HSMs","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/synchronizing-hsms","children":[]},{"id":"ci_a2cc87c8b9db3a81592bda84719b628c0263092692cb116718571a44a35492c4","title":"Reintroduce the Certificate","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/reintroduce-the-certificate","children":[]},{"id":"ci_643eca65541160050f0fdbc95d67bcf45841f3604996cce1cd3a93635e8d7e08","title":"Configuring AD CS to Use Utimaco CryptoServer Key Storage Provider","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/configuring-ad-cs-to-use-utimaco-cryptoserver-key-","children":[]}]},{"id":"ci_7d0ce945e88c14eed02d2b336e9d841458ee51903b90a8b9ff4fae0df4187a7b","title":"Installing and Configuring the AD CS Failover Cluster","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/installing-and-configuring-the-ad-cs-failover-clus","children":[{"id":"ci_a25fc7740895de06abe1212f32227cad693b6f938bdecf0b8f04e36545344e15","title":"Installing AD CS Server role on first cluster node","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/installing-ad-cs-server-role-on-first-cluster-node","children":[]},{"id":"ci_0f5ad33633413017aea5270bb28a28dfb6114b5491e133fac3beaec11beac4d3","title":"Detach the shared storage form the first cluster node","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/detach-the-shared-storage-form-the-first-cluster-n","children":[]},{"id":"ci_59b98befa198971f20f4fabc056798a33bba18387f456424a4c569d13048ea89","title":"Import MBK and Restore the databases on second cluster node","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/import-mbk-and-restore-the-databases-on-second-clu","children":[]},{"id":"ci_509d300cae97926857fac3b02ea8cb00da663a28fd8025644926d2acbb6b3ebb","title":"Installing AD CS Server role on second cluster node","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/installing-ad-cs-server-role-on-second-cluster-nod","children":[]},{"id":"ci_5af8cc70d9eb41d921612929b37e95a027f7679e70f0e8c7b37db76b71884132","title":"Installing Failover Cluster feature on both the cluster nodes","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/installing-failover-cluster-feature-on-both-the-cl","children":[]},{"id":"ci_4733e888739056daa1f7a3e9976327aadf11292369c0365c91d3cfbbdbe2e822","title":"Create a Failover Cluster","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/create-a-failover-cluster","children":[]},{"id":"ci_be998ad105f7901fe8a451e02d2f3e0e6b0d59f2a2880b581f8eb3fd4e7e1fca","title":"Configure Role for ADCS Failover","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/configure-role-for-adcs-failover","children":[]},{"id":"ci_b847b340f2ecf3d558acc754d10911b4de1ce110632150b453afdfbcb6a89352","title":"Creating the CRL Objects in Active Directory","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/creating-the-crl-objects-in-active-directory","children":[]},{"id":"ci_a960123fa00b1b1c320bb3f6117857558401f89d26e61fe0139a45585eb7e2a8","title":"Updating the CA configuration in Active Directory","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/updating-the-ca-configuration-in-active-directory","children":[]}]},{"id":"ci_309f488d680065c84e2bf7d5d28c751b056e001e96b67de9cfebc12020f4496f","title":"Online Certificate Status Protocol Service","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/online-certificate-status-protocol-service","children":[{"id":"ci_c61d6418cad139190a23f3df6902bf559e25d343fbc80ac83336e0eb467749f2","title":"Prepare certificate template for OCSP Signing","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/prepare-certificate-template-for-ocsp-signing","children":[]},{"id":"ci_f097a067791a62e8188aeef5ed02043f7dcd9d8fe91dc19717c1074d045a5f63","title":"CA Configuration","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/ca-configuration","children":[]},{"id":"ci_51d9d2aee9f2762e189786b4dcc9819729082b2d44118bbcf5cc612bdb0ed35a","title":"Request a certificate from OCSP Response Signing template","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/request-a-certificate-from-ocsp-response-signing-t","children":[]},{"id":"ci_7531fb273e92c896715f5d6f0412a55c79544094cdcd2c975703801f50e602c5","title":"Install and configure Online Responder","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/install-and-configure-online-responder","children":[]},{"id":"ci_e987bc8bea703ff58d52bc5697220ff4cb25f93e669d73fb28344728baa2ef2d","title":"Make a Revocation Configuration","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/make-a-revocation-configuration","children":[]},{"id":"ci_32a822189b8835274b5480b5ba0b1c6745c889e50ea7b92a8aafc64e3fec145d","title":"Test the Online Responder","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/test-the-online-responder","children":[]}]},{"id":"ci_199a32677be3b93256fb96ab1b6a9bd105c6b1e5e6ab89cb5465ef5d49d573c8","title":"Further Information","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/further-information","children":[]},{"id":"ci_ac036ab997e40b8c4b5056867a3a941dc7ec6a2fd104af8592c7a79dbd7e245c","title":"References","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/1.0.0/references","children":[]}]