This page contains a collection of downloadable whitepapers on Public Key Infrastructure (PKI) and Active Directory Certificate Services (ADCS) published by Microsoft, starting with Windows Server 2003 and up to Windows Server 2012. In the past, Microsoft has published a number of high-quality, deeply detailed whitepapers on PKI and ADCS in particular. I often use them in consulting projects and online forums. Unfortunately, some of them were lost in time and there is no “one stop shop” with links to all PKI/ADCS whitepapers. I put effort into collecting them in a single place and I believe this collection is a true gem for every PKI admin!
There are several reasons for this publication:
Here is the table of whitepapers I have collected:
All-in-one download:
Disclaimer
This document is provided for informational purposes only and I, Vadims Podans, make no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user.
I’m claiming no patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document.
All documents are presented as is and unmodified. The only modification I made was DOC format conversion to DOCX. No content was changed.
Happy reading!
Great Collection!
Having difficulties with doc [Win2k8] Пошаговое руководство по настройке службы сертификации Active Directory в ОС Windows Server 2008 ;-)
> Having difficulties
What kind of difficulties?
Can't read Russian...
The article is in Russian, it is correct. You simply can skip this document.
Thank you very much, for that material.
Vadims,
Thank you for aggregating and curating this great collection of PKI knowledge, some of which has become hard to find. The knowledge and the perspective of how our profession has evolved over the last two decades has been invaluable.
Do you have a copy of the 2008 updated white paper titled “Microsoft IT Showcase: Deploying PKI inside Microsoft”? Brian Komar’s seminal “PKI and Certificate Security” references it as illustrating how to build an exit module. Microsoft no longer seems to host this, and while the Wayback Machine on the Internet Archive has the page to download it, the .DOC and .PPT files are not archived there.
Thanks,
- DTK
> Do you have a copy of the 2008 updated white paper titled “Microsoft IT Showcase: Deploying PKI inside Microsoft”?
Yes, I do. But only a 40 page .doc version, no slides unfortunately. Last update was in 2011. Though, it is not a whitepaper in my understanding and I didn't publish it here. And this document doesn't provide any information on custom Exit Module development.
>> Can't read Russian...
This document is just a translation of [Win2k8] Windows Server 2008 Active Directory Certificate Services Step-By-Step Guide
P.S. many thanks Vadims.
P.P.S. 45+0=450 !!! Stupid captcha :-) there is no declaration of types.. should be something like [int]45+[int]0 :-)
With valuable articles disappearing from MSFT's website, here are a couple more important older docs that PKI engineers and other professionals in the space would be sad to lose:
Monitoring what matters – Windows Event Forwarding for everyone: https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/
Deploying Cross-forest Certificate Enrollment: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff955845(v=ws.10)
Certificate Expiration Alerting: https://blogs.technet.microsoft.com/nexthop/2011/11/17/certificate-expiration-alerting/
AD DS Site Awareness for AD CS and PKI Clients: https://social.technet.microsoft.com/wiki/contents/articles/14106.ad-ds-site-awareness-for-ad-cs-and-pki-clients.aspx
The Case of the Enormous CA Database: https://blogs.technet.microsoft.com/askds/2010/08/31/the-case-of-the-enormous-ca-database/
Hello,
Thank you for the efforts you put in writing these blog posts, just a small question; are these docs restricted to running a CA with ADCS or can you use them when administrating other CA programs?
What do you mean by "other CA programs"? You mean other CA software such as EJBCA, XCA, and others? Most of the documents are related to ADCS implementation specifics, so they are unlikely to be suitable for other CA types. Though, some documents explain questions that are CA-independent (which are common to any CA software), such as Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure and Securing Public Key Infrastructure (PKI).
A great collection of some of my papers from almost 20 years ago! The memories...
Very cool collection, thank you very much for your effort here!!