Windows PKI blog : whitepaper

Certificate Revocation Checking Whitepaper

Yogesh Mehta — Sat, 07 Nov 2009 23:30:00 GMT

A whitepaper on Certificate Revocation Checking in Windows Vista and Windows Server 2008 has been publshed on Technet here - http://technet.microsoft.com/en-us/library/ee619730(WS.10).aspx

Topics in this whitepaper include:

· What’s new in Windows Vista and Windows Server 2008 revocation checking

· How revocation checking works

· How pre-fetching revocation information improves performance

· Support for independent OCSP signer and custom OCSP URLs

· Recommendations for optimizing the revocation experience

· Managing OCSP Settings with Group Policy

You can also download a copy of the paper here - http://go.microsoft.com/fwlink/?LinkId=145008

The content also applies to Windows 7 and Windows Server 2008 R2.

Please let me know if you have questions/feedback: ymehta@microsoft.com

Cross-forest Certificate Enrollment with Windows Server 2008 R2 Beta

MS2065 — Tue, 20 Jan 2009 10:37:22 GMT

I am excited to announce the public availability of the Cross-forest Certificate Enrollment with Windows Server 2008 R2 Beta whitepaper.

The product team worked hard to make this break through functionality happen in Windows Server 2008 R2 beta. Now is the time to evaluate cross forest certificate enrollment in your test environment. If you have specific feedback on the whitepaper, feel free to add you comments to this blog entry.

From the abstract:
Windows Server 2008 R2 Beta allows enterprises to issue digital certificates from an enterprise Certification Authority (CA) to the clients that are members of a different Active Directory (AD) forest. This process is called cross-forest certificate enrollment. This white paper will explain how the cross-forest certificate enrollment works. It will also provide deployment guidance for new and existing Active Directory Certificate Services (ADCS) deployments. The paper will cover strategies for consolidating existing certificate templates that may be already in use in the enterprise. It will present choices for ongoing management of the cross-forest certificates deployment. A PowerShell script is also provided to facilitate management tasks related to setting up and maintaining cross-forest certificate enrollment environment.

New Windows Biometric Framework and Driver Model

MS2065 — Wed, 14 Jan 2009 21:41:30 GMT

Those of you who are interested in biometrics should look at the following documents:

New whitepapers about Windows Server 2008 Certificate Services

MS2065 — Sun, 25 May 2008 22:04:30 GMT

This blog-entry has two purposes:

1) make you aware of the two new whitepapers that have been just released:

2) provide you a feedback channel. If you have comments about these two papers or any other PKI whitepapers please add a comment to this entry and we will see if we can fix the document.

Configuring and Troubleshooting Certificate Services Client–Credential Roaming

MS2065 — Mon, 18 Dec 2006 23:53:00 GMT

After a long waiting time the Certificate Services Client credential roaming whitepaper got published at http://www.microsoft.com/technet/security/guidance/cryptographyetc/client-credential-roaming/terminology-assumptions.mspx.