This page contains a collection of downloadable whitepapers on Public Key Infrastructure (PKI) and Active Directory Certificate Services (ADCS) published by Microsoft, starting with Windows Server 2003 and up to Windows Server 2012. In the past, Microsoft published a number of high-quality, deeply detailed whitepapers on PKI and ADCS in particular. I often use them in consulting projects and online forums. Unfortunately, some of them have been lost over time, and there is no “one-stop shop” with links to all PKI/ADCS whitepapers. I put effort into collecting them in a single place, and I believe this collection is a true gem for every PKI admin!

There are several reasons for this publication:

  • Whitepapers written for the retired Windows Server 2003 are still relevant for the most recent Active Directory Certificate Services versions;
  • Some of the documents are no longer available on the Microsoft Download Center, and their download links are dead;
  • Most whitepapers are scattered across the internet and are hard to find.

Here is the table of whitepapers I have collected:

| Document name | Format | Size |
|---|---|---|
| [Win2k] Windows 2000 Server and Key Management Server Interoperability | PDF | 1,21 MB |
| [Win2k3] Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure | DOCX | 397,01 KB |
| [Win2k3] Certificate Autoenrollment in Windows Server 2003 | DOCX | 371,92 KB |
| [Win2k3] Certificate Revocation and Status Checking | DOCX | 1,03 MB |
| [Win2k3] Cross-Certification and Qualified Subordination | DOCX | 783,08 KB |
| [Win2k3] Encrypting File System in Windows XP and Windows Server 2003 | DOCX | 403,11 KB |
| [Win2k3] Implementing and Administering Certificate Templates in Windows Server 2003 | PDF | 444,24 KB |
| [Win2k3] Key Archival and Management in Windows Server 2003 | DOCX | 1,19 MB |
| [Win2k3] Logistics of Smart Card Deployment | DOCX | 97,32 KB |
| [Win2k3] PKI Enhancements in Windows XP Professional and Windows Server 2003 | DOCX | 126,83 KB |
| [Win2k3] Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003 | DOCX | 2,47 MB |
| [Win2k3] Step-by-Step Guide for Setting Up Secure Wireless Access in a Test Lab | DOCX | 1,21 MB |
| [Win2k3] Troubleshooting Certificate Status and Revocation | PDF | 1,12 MB |
| [Win2k3] Windows Server 2003 Operations Guide | DOCX | 396,58 KB |
| [Win2k3] Wireless LAN Security with Microsoft Windows | DOCX | 311,27 KB |
| [Win2k8] Active Directory Certificate Services Upgrade and Migration Guide | DOCX | 396,37 KB |
| [Win2k8] Administering Certificate Templates in Windows Server 2008 | DOCX | 980,12 KB |
| [Win2k8] Certificate Revocation Checking in Windows Vista and Windows Server 2008 | DOCX | 132,02 KB |
| [Win2k8] Certificate Services Enhancements in Longhorn Server | DOCX | 947,05 KB |
| [Win2k8] Failover Clustering and ADCS in Windows Server 2008 | DOCX | 132,07 KB |
| [Win2k8] Installing Configuring and Troubleshooting OCSP | DOCX | 790,34 KB |
| [Win2k8] Key Archival and Management in Longhorn Beta 3 | DOCX | 2,49 MB |
| [Win2k8] Network Access Protection Policies in Windows Server 2008 | DOCX | 295,69 KB |
| [Win2k8] Windows Server 2008 Active Directory Certificate Services Step-By-Step Guide | DOCX | 112,93 KB |
| [Win2k8] Windows Server 2008 Foundation Network Companion Guide_Deploying Server Certificates | DOCX | 96,55 KB |
| [Win2k8] Пошаговое руководство по настройке службы сертификации Active Directory в ОС Windows Server 2008 | DOCX | 117,52 KB |
| [Win2k8R2] Active Directory Certificate Services Migration Guide | PDF | 985,07 KB |
| [Win2k8R2] Cross-forest certificate enrollment with Windows Server 2008 R2 | DOCX | 1,49 MB |
| [Win2k8R2] Infrastructure Planning and Design - ADCS | ZIP | 1,89 MB |
| [Win2k8R2] Microsoft SCEP implementation whitepaper | DOCX | 1,49 MB |
| [Win2k8R2] Windows Server 2008 R2 Certificate Enrollment Web Services | DOCX | 12,15 MB |
| [Win2k12] Configuring Trusted Roots and Disallowed Certificates | DOCX | 35,32 KB |
| [Win2k12R2] Securing Public Key Infrastructure (PKI) | DOCX | 1,89 MB |
| [Win2k16] Certificate Autoenrollment in Windows Server 2016 (non-Microsoft) | DOCX | 1 MB |

All-in-one download:

Disclaimer

This document is provided for informational purposes only and I, Vadims Podans, make no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user.

I’m claiming no patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document.

All documents are presented as is and unmodified. The only modification I made was converting the DOC format to DOCX. No content was changed.

Happy reading!


Comments:

Guest

Great Collection!

Having difficulties with doc [Win2k8] Пошаговое руководство по настройке службы сертификации Active Directory в ОС Windows Server 2008 ;-)

Vadims Podāns

> Having difficulties

What kind of difficulties?

Guest

Can't read Russian...

Vadims Podāns

The article is in Russian, that is correct. You can simply skip this document.

Roman Krylov

Thank you very much for that material.

DTK

Vadims,

Thank you for aggregating and curating this great collection of PKI knowledge, some of which has become hard to find. The knowledge and the perspective of how our profession has evolved over the last two decades have been invaluable.

Do you have a copy of the 2008 updated white paper titled “Microsoft IT Showcase: Deploying PKI inside Microsoft”? Brian Komar’s seminal “PKI and Certificate Security” references it as illustrating how to build an exit module. Microsoft no longer seems to host this, and while the Wayback Machine on the Internet Archive has the page to download it, the .DOC and .PPT files are not archived there.

Thanks,

 - DTK

Vadims Podāns

> Do you have a copy of the 2008 updated white paper titled “Microsoft IT Showcase: Deploying PKI inside Microsoft”?

Yes, I do, but only a 40-page .doc version; no slides, unfortunately. The last update was in 2011. However, it is not a whitepaper in my understanding, and I didn't publish it here. And this document doesn't provide any information on custom Exit Module development.

Svolotch

>> Can't read Russian...

This document is just a translation of [Win2k8] Windows Server 2008 Active Directory Certificate Services Step-By-Step Guide

P.S. Many thanks, Vadims.

P.P.S. 45+0=450 !!! Stupid captcha :-) There is no declaration of types... It should be something like [int]45+[int]0 :-)

DTK

With valuable articles disappearing from MSFT's website, here are a couple more important older docs that PKI engineers and other professionals in the space would be sad to lose:

  • Monitoring what matters – Windows Event Forwarding for everyone: https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/
  • Deploying Cross-forest Certificate Enrollment: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff955845(v=ws.10)
  • Certificate Expiration Alerting: https://blogs.technet.microsoft.com/nexthop/2011/11/17/certificate-expiration-alerting/
  • AD DS Site Awareness for AD CS and PKI Clients: https://social.technet.microsoft.com/wiki/contents/articles/14106.ad-ds-site-awareness-for-ad-cs-and-pki-clients.aspx
  • The Case of the Enormous CA Database: https://blogs.technet.microsoft.com/askds/2010/08/31/the-case-of-the-enormous-ca-database/

Joseph

Hello, 

Thank you for the efforts you put in writing these blog posts, just a small question; are these docs restricted to running a CA with ADCS or can you use them when administrating other CA programs?

Vadims Podāns

What do you mean by "other CA programs"? Do you mean other CA software such as EJBCA, XCA, and others? Most of the documents are related to ADCS implementation specifics, so they are unlikely to be suitable for other CA types. Though, some documents explain questions that are CA-independent (which are common to any CA software), such as Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure and Securing Public Key Infrastructure (PKI).

David Cross

A great collection of some of my papers from almost 20 years ago!  The memories...

Bernd Abb

Very cool collection, thank you very much for your effort here!!

