Information Technology Reference
In-Depth Information
20. Click
OK
in the View Certificate Store dialog box to close it. Close the command prompt
window.
21. Stay logged on for the next activity.
A few windows you saw in the preceding activity need some additional explanation. The
Configure Cryptography for CA window from Step 9 of the AD CS installation includes several
options (see Figure 11-5), described in the following list:
Figure 11-5
The Configure Cryptography for CA window
•
Select a cryptographic service provider (CSP)
—This list box displays the CSPs already con-
figured in Windows Server 2008. A CSP is a library of algorithms that perform crypto-
graphic functions, such as creating hashes and encrypting and decrypting data.
•
Key character length
—This text box defines the number of bits that make up keys used in
the cryptography algorithms. Generally, the longer the key, the more difficult it is to crack.
However, longer keys also take more CPU resources to perform cryptographic functions.
•
Select the hash algorithm for signing certificates issued by this CA
—A
hash algorithm
is a
mathematical function that takes a string of data as input and produces a fixed-size value
as output. Hash values are used to verify that the original data hasn't been changed and to
sign the CA certificate and certificates issued by the CA.
•
Use strong private key protection features provided by the CSP
—If this check box is
selected, cryptographic operations require the administrator to enter a password, which
helps prevent unauthorized use of the CA and its private key.
The Details tab you viewed in Step 19 of Activity 11-2 contains a considerable amount of
information (see from Figure 11-6). The following list describes some items in this tab:
•
Version
—This field specifies the version of the X.509 standard the certificate uses. X.509 is
an international standard that defines many aspects of a PKI, including certificate formats.
Search WWH ::
Custom Search