Active Directory Certificate Services (ADCS) uses the Microsoft Certificate Services Remote Administration (MS-CSRA) protocol (for certificate revocation and CRL publishing) and MS-WCCE (for certificate issuance and renewal). ADCS provides customizable services for issuing and managing public key infrastructure (PKI) certificates used in software security protocols.


For detailed information on integrating MS ADCS with the ADSS Server, please refer to the 'Quick-Guide-for-Configuration-of-MS-ADCS-with-ADSS-Server.pdf' located in the [ADSS-Installation-Directory]/docs folder.


To configure Microsoft Active Directory Certificate Services as an external CA, select Microsoft ADCS from the CA Type drop-down. The following page will be shown to configure the Microsoft ADCS:




The items in the above screen are described below:


Items

Description

CA Alias

A user-defined unique name for easy management of certificate authorities within ADSS Server. This is only for human identification purposes.

CA Type

ADSS Server can be configured to get certificates issued by the Microsoft ADCS. Requests received at the certification service are forwarded to Microsoft ADCS for certificate issuance. The supported request types are:

  • CREATE
  • RENEW
  • REKEY
  • REVOKE
    Revocation reasons can include: 
    • certificateHold

CA Certificate

All CA certificates configured in Trust Manager with the purpose CA (used to verify other certificates and CRLs) are available here for configuration.
Select the required Microsoft ADCS which will be used to issue the target certificates. 

Note: The complete chain of the Microsoft ADCS must be registered in Trust Manager.

CA Host Name

The CA Host Name refers to the machine address used to identify the CA on the DCOM interface. It enables the operator to execute multiple CA management tasks, such as revocation.

CA Authority Name

The CA Authority Name is a sanitized identifier used to recognize the CA on the DCOM interface. It enables the operator to execute multiple CA management tasks, such as revocation.

Microsoft Certificate Template

These are the certificate templates that are configured on the MS ADCS server. Users have the option to select multiple Microsoft Certificate Templates. These templates are accessible in the Certification Profile, Key Manager, and Manual Certification modules.

Fetch Templates

Clicking this button fetches all the certificate templates configured on the MS ADCS server.

Username

Specify the Windows domain user for basic authorization in the provided field.

Password

Specify the password of the provided user for basic authorization.


The following points must be noted for MS ADCS:

  1. Windows is connected with an enterprise CA; therefore, ADSS Server and the enterprise CA must share the same domain.
  2. The user configured at ADSS Server at the time of installation must have access to the MS ADCS.


Submitting Request to CA & Processing Response from CA 

The details of this use case are explained under Certification Service > Identity Certificates.

