[{"id":"ci_893d23d115fae7d8dfba1801071aa7f0f908e7e6c38d1966d01bee67ab80193e","title":"Version Information and PDF Download","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/version-information","children":[]},{"id":"ci_8a8e157f1f31990ca39891abd3a47ebed1a3b4daf4777de5dd6b77455eb9950d","title":"Introduction","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/introduction","children":[{"id":"ci_9a5ceaf405218f9b91ffad2e8a36ecd6c31b98c8c7b80fc36908e01cf977e839","title":"About This Guide","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/about-this-guide","children":[]},{"id":"ci_3223e95021f0730ee28a7050e8e843acbba69da5324ea801777943b4f3da76a7","title":"Target Audience","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/target-audience","children":[]},{"id":"ci_bfe49b6358c95356a6e46b9addd1e237670c0dbd311e90fe8b76c9eb38c05c59","title":"Abbreviations","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/abbreviations","children":[]},{"id":"ci_e2ed6c04a1bdee9e885a0b690a2981d6747c8c2ce1456600a585a813f0d6a095","title":"Document Conventions","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/document-conventions","children":[]}]},{"id":"ci_c8b155bd259e09c3dc7270e5d0d309c908efd833d68845f9a9157da0a153a58e","title":"Product Overview","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/product-overview","children":[{"id":"ci_6a0cd994caf71fc321122750d5f91ed049aa1a94c62ff166b08d6c760a59f75c","title":"Microsoft Active Directory Certificate 
Services","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/microsoft-active-directory-certificate-services","children":[]},{"id":"ci_66fca7671560fc99bded56e5ab4ecde36b178dbfacc3bfc0d82305f2dfd2ce52","title":"Online Certificate Status Protocol","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/online-certificate-service-protocol","children":[]},{"id":"ci_c93528b3cbccf81ef3d4a3b7e0e53458837c059c3c0a3b5febf037f981a00ab0","title":"Utimaco u.trust Anchor HSM","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/utimaco-u-trust-anchor-hsm","children":[]}]},{"id":"ci_6e667ee97aa1041a92b96c12aaaa49a06df7e40f1c31a9faddb7cc2b60986c96","title":"Integration Requirements and Prerequisites","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/integration-requirements-and-prerequisites","children":[{"id":"ci_1aee9d445db3ab45e82e7e44202f28a1009ca2305db25bfe55134b67acb991e5","title":"Tested Versions","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/tested-versions","children":[]},{"id":"ci_7a5d6ef77957cfb801bacf8f6a916721aa5223496363b0d36d78e95a5d4017f7","title":"Hardware and Software Requirements","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/hardware-and-software-requirements","children":[]},{"id":"ci_57c55f14d790e921cef3bd54e66b13ef0bcbab82f0df4b3e75eed3ba1e7039cc","title":"Prerequisites","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/prerequisites","children":[]}]},{"id":"ci_2f9ec57261c8174426169625d475a4350853639558aff39b5ca871e7124241b7","title":"Installation and 
Configuration","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/installation-and-configuration","children":[{"id":"ci_614925b1e4e166ffb7bca4a99497bbf56430e0c27483cd3178b92f7cd237067b","title":"Setting Up u.trust Anchor HSM","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/setting-up-u-trust-anchor-hsm","children":[]},{"id":"ci_cb92b08b41704c3aad8b1cdf12d5290eb18523e4dc3b9e36c29b6da8e218d7f2","title":"Setting Up Microsoft AD CS","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/setting-up-microsoft-ad-cs","children":[{"id":"ci_bcaa4df76ecfb8e4d697395957447299270b65922ac0315daa1c6e6651f765b1","title":"Install Microsoft AD CS with Windows Enterprise","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/install-microsoft-ad-cs-with-windows-enterprise","children":[]},{"id":"ci_27ef0f5c439f07c7aade15ac65a30a16049691757511c5d9c2de9bf4b5c3b876","title":"Install Microsoft AD CS with Windows Server Core","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/install-microsoft-ad-cs-with-windows-server-core","children":[]}]}]},{"id":"ci_f206479fa13bbc2f64e1d973b77b74916cf07c725c67e0eb38e20e5aefd62bdc","title":"Integration Steps","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/integration-steps","children":[{"id":"ci_78ac72c12462bd25b70607bcefe4e9966a8e89a839388581f15f315ca8202330","title":"Configuration on u.trust Anchor","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configuration-on-u-trust-anchor","children":[{"id":"ci_6071adb8829ad52f8b18a8663eb3c0c996e3f83055b24ae0aaed30e943d77d7d","title":"Configuring the CSP-CNG 
Provider","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configuring-the-csp-cng-provider","children":[{"id":"ci_8ea8864ec37709c23914d35c4a5851dc7a15c5c63d171662cf39012c3d026fc1","title":"Creating HSM Users","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/creating-hsm-users","children":[]},{"id":"ci_4271b95944d673cb5be8167defea5a7ec5956abce592687964046658a8f949ca","title":"Setting up the CSP/CNG Provider","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/setting-up-the-csp-cng-provider","children":[]}]}]},{"id":"ci_1485189540e7c36ff57ce7cd8d123bd6aa71a16170e03d4b7f1a93ec569670eb","title":"Configuration on Microsoft AD CS","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configuration-on-microsoft-ad-cs","children":[{"id":"ci_c104296a82b69daf4759877b059688a57b7ed804c3b106207308830741a6259f","title":"Configure the CA with Windows Enterprise","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configure-the-ca-with-windows-enterprise","children":[]},{"id":"ci_4f650d0dda07b87e7c6546510672a1450c00e14efed14457fbe789ab2c286ae2","title":"Configure the CA with Windows Server Core","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configure-the-ca-with-windows-server-core","children":[]},{"id":"ci_f2d8ff403bea29954518fb62c157dfd9f66a8fb5063237a8cbeb03e7f71334a1","title":"Testing the AD CS","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/testing-the-ad-cs","children":[]},{"id":"ci_fa65c08815ce6a15f86a861f97d86ab2c38c4df310adf1b0fab76e48396d67d2","title":"Configuring the Auto-Enrollment Group Policy for a 
Domain","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configuring-the-auto-enrollment-group-policy-for-a","children":[]}]}]},{"id":"ci_257249383735def0d5e64a500b7a1aa2788b8defd469c05de610e27bb257127f","title":"Verification and Testing","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/verification-and-testing","children":[{"id":"ci_dbab9e986f70755b0d6d11125132c65eb46799bff083ec2f303885768650db61","title":"Functional Testing","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/functional-testing","children":[{"id":"ci_813418d39bf993903aa5259ea8a025c0c8883533964f5948ef8ea00638d79aae","title":"Configuring the Certificate Enrollment to Use CA Templates on the AD CS Server","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configuring-the-certificate-enrollment-to-use-ca-t","children":[]},{"id":"ci_be90d53648ac7086927d866d90f16b4bef1c591056254fc1d41aed66d8aa07cd","title":"Private Key Archiving and Recovery","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/private-key-archiving-and-recovery","children":[{"id":"ci_cf394955019e84ad03726e5bd103b905ccda827b1069f772dd4007a4c67500fd","title":"Archive the CA Key","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/archive-the-ca-key","children":[{"id":"ci_54ae9f4d96a71153ef604875a1f9bb6ed16f5e75e70f3a322ed584b251836817","title":"Archiving the CA Key","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/archiving-the-ca-key","children":[]},{"id":"ci_2be4d4d957def4fa40fa5bf70b0e30632f2d69ae4bfeae2ff6a8de385d1dbc2b","title":"Add a Key Recovery Agent (KRA) Template to 
CA","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/add-a-key-recovery-agent-kra-template-to-ca","children":[]},{"id":"ci_4e7426a0c73e37715e6cc31ea56b30c4ac5627eda50e76766bd9cf7df3e130aa","title":"Issue the Key Recovery Agent Certificate","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/issue-the-key-recovery-agent-certificate","children":[]},{"id":"ci_35084cee579d60e8f73b8b140ab9eaa0e5fb1e1f5b1f17097552ae0a6469c20d","title":"Issue the KRA Certificate","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/issue-the-kra-certificate","children":[]},{"id":"ci_b5a79b52c75dc43d9f96e740ce6fee7090393bc4df2f630fb1e1775c317ac127","title":"Retrieve the Issued Certificate from CA","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/retrieve-the-issued-certificate-from-ca","children":[]},{"id":"ci_c6595aec2754ecc445864ee302a99c636372fd890644d4428bec6225f1163c8c","title":"Configure the CA to Support Key Archival","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configure-the-ca-to-support-key-archival","children":[]},{"id":"ci_bfe0e7358ecffd036993b9b884dcf138db8f3e9b46d5c4b1d931c99e5a2f04b7","title":"Create a Template with Key Archival Enabled","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/create-a-template-with-key-archival-enabled","children":[]},{"id":"ci_3703e748180881e5851c5553ef5aeac3af3a97df08616d5e5e37590355c9bca9","title":"Add a New Template to CA for Issuing","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/add-a-new-template-to-ca-for-issuing","children":[]},{"id":"ci_685aefe1ece5527822a37bafadcbda88eb09754b046eef5fc1d485071b895248","title":"Issue a User Template 
with Key Archival Enabled","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/issue-a-user-template-with-key-archival-enabled","children":[]}]},{"id":"ci_5753488201401c562279710b93a25f8a40f3ea746d6898f522569bd28296baa6","title":"Perform Key Recovery","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/perform-key-recovery","children":[]}]},{"id":"ci_19c3996f6a83c64aaf4b5b596ff7b27f67b7b5d81ed5991e26d22adb04a54588","title":"Migrating the Microsoft Software Key of AD CS to Utimaco HSM","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/migrating-the-microsoft-software-key-of-ad-cs-to-u","children":[{"id":"ci_6c29120fe9a307eb7d389e6d9b7f9fb1e93fceb18e38e7a2d8e24d2134477563","title":"Installing AD CS with Locally Stored Primary Key","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/installing-ad-cs-with-locally-stored-primary-key","children":[]},{"id":"ci_2f437e7d0d36271497baadfa742f375df2942313b5dcdad4df166c9931b33eb1","title":"Create a Backup of CA Database","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/create-a-backup-of-ca-database","children":[]},{"id":"ci_9aa538274243696f80605ea51fba3ac24a31e4cea365a513e4ba438ac32a46d7","title":"Importing Private Key to HSM","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/importing-private-key-to-hsm","children":[]},{"id":"ci_5dae997c5a0a385780ca4d796636808c07b008ca6ba684550878827611c661b9","title":"Synchronizing HSMs","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/synchronizing-hsms","children":[]},{"id":"ci_396533565b71ce165de38237160f89f66d0115c3baab0578ad7b8e94c701cd2b","title":"Reintroduce the 
Certificate","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/reintroduce-the-certificate","children":[]},{"id":"ci_495ceab4f99f5600b5ee290d88ca52cf10528f865a71a99bee5e9e8055bc31dd","title":"Configuring AD CS to Use Utimaco CryptoServer Key Storage Provider","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configuring-ad-cs-to-use-utimaco-cryptoserver-key-","children":[]}]},{"id":"ci_10be655fd19be782891466f91ed3a4dca52b1635c26dc40eb866ccc0b46f8541","title":"Installing and Configuring the AD CS Failover Cluster","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/installing-and-configuring-the-ad-cs-failover-clus","children":[{"id":"ci_05e9fe5cd020276d9308272b3cfcdda35fc8878e665efcc7583334acb92475f4","title":"Installing AD CS Server Role on First Cluster Node","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/installing-ad-cs-server-role-on-first-cluster-node","children":[]},{"id":"ci_6174fd0b236204aabf2b56ea84922cb984fe8f43e167847a872b06b8130b9c14","title":"Detach the Shared Storage from the First Cluster Node","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/detach-the-shared-storage-from-the-first-cluster-n","children":[]},{"id":"ci_92b5b1bb4fdc546755e61017662679e9f2bb8e85cc67d73ebf286e783e585ca9","title":"Import MBK and Restore the Databases on Second Cluster Node","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/import-mbk-and-restore-the-databases-on-second-clu","children":[]},{"id":"ci_0898dc4b481b4927f7ce17c5de250e92cd76fea930d59f951182b24a4d68d9cc","title":"Installing AD CS Server Role on Second Cluster 
Node","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/installing-ad-cs-server-role-on-second-cluster-nod","children":[]},{"id":"ci_cfa1ccc49eabd7bbf6f790243a2a2a43fe209160907c236d35c597849144032a","title":"Installing Failover Cluster Feature on Both the Cluster Nodes","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/installing-failover-cluster-feature-on-both-the-cl","children":[]},{"id":"ci_51869a22d9db214df1dbab640eb7267908a993c4541f2b3c098deb37576ce1ed","title":"Create a Failover Cluster","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/create-a-failover-cluster","children":[]},{"id":"ci_869b974aaa46415a082850d7a5564127bc8605b1769e53b485189ed5c9b2f306","title":"Configure Role for ADCS Failover","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/configure-role-for-adcs-failover","children":[]},{"id":"ci_e8d67af05ed3476995f10e470c0312f60fb8d6cb34716e748ada97427627dc3a","title":"Creating the CRL Objects in Active Directory","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/creating-the-crl-objects-in-active-directory","children":[]},{"id":"ci_4800a61cec5f2d550f5bdc3400340f5bba9fc64d8fbf2323f5c484e5cd75b8a2","title":"Updating the CA Configuration in Active Directory","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/updating-the-ca-configuration-in-active-directory","children":[]}]},{"id":"ci_68dc48423146e39d82dfe1b4d7827f261dc09a4c2025405cd4ef470183e86247","title":"Online Certificate Status Protocol 
Service","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/online-certificate-status-protocol-service","children":[{"id":"ci_6e2ee2b4364949543a40119486331d0c2d53f0e267a866fc930a4f1bcc702bf7","title":"Prepare Certificate Template for OCSP Signing","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/prepare-certificate-template-for-ocsp-signing","children":[]},{"id":"ci_274df5fa1ac1ebdf5a6a120e448da638f6268c7dcb76b5ea2450551188c38de7","title":"CA Configuration","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/ca-configuration","children":[]},{"id":"ci_de4d1d9fdc54f5080742f5ce097fba439963a747e6c3c18a8683be9cafa9fb55","title":"Request a Certificate from OCSP Response Signing Template","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/request-a-certificate-from-ocsp-response-signing-t","children":[]},{"id":"ci_51a13d7545d6e921e9720ed1d664487f6ffa15fca3a83874847003756d647df7","title":"Install and Configure Online Responder","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/install-and-configure-online-responder","children":[]},{"id":"ci_b5aa0162893782aa3eb70c497b6a86dbd0aac80c3e1f1d9f2216aaa8ed081166","title":"Make a Revocation Configuration","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/make-a-revocation-configuration","children":[]},{"id":"ci_838026626e85f9d208def22d435541d298f00e514d8fb02516983747bb2549ec","title":"Test the Online 
Responder","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/test-the-online-responder","children":[]}]}]}]},{"id":"ci_a127db378e7e246a9f7004cdf9be46c71b105d93513c1a2645d698d36863fea5","title":"Troubleshooting","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/troubleshooting","children":[{"id":"ci_8c9bcc60fcb8fe432eb9f6ae33cc159c190e28d2e46a1f690c3c4ed6fc44a49c","title":"Common Issues and How to Resolve Them","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/common-issues-and-how-to-resolve-them","children":[]},{"id":"ci_8535192f885939aae3e44d81ec3c46eb9e5c0838c422268173f15cb1c435400e","title":"Log Locations and Interpretation","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/log-locations-and-interpretation","children":[]}]},{"id":"ci_9c46e0c6f9cb1f5515bc66b23914b75aa41b50662149f4c630c5c79282000208","title":"Appendices","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/appendices","children":[{"id":"ci_c3a1416015b5ac7b4506d6e7ba8221a74c74da85ad94ef034afa8a683f2e61c2","title":"References","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/references","children":[]},{"id":"ci_f4ae5311cb7646da1a5f5e1540d6ee89554170dff819d6f4fa15af44e5310e47","title":"Command Summary","path":"/microsoft-ad-certificate-services-and-online-certificate-service-protocol-and-securityserver/2.0.0/command-summary","children":[]}]}]