Active Directory Certificate Service (AD CS)

Role services within AD CS:
1. Certification Authority
2. Certificate Enrollment Policy Web Service
3. Certificate Enrollment Web Service
4. Certification Authority Web Enrollment
5. Network Device Enrollment Service
6. Online Responder

Certification Authority
It is used to issue digital certificates.
It is the core of AD CS.

Certificate Enrollment Policy Web Service (CEP)
It is a web service that enables users and computers to obtain certificate enrollment policy information.
This information includes what types of certificates can be requested and which CAs can issue them.

Certificate Enrollment Web Service (CES)
It is a web service that allows users and computers to enroll for certificates over HTTPS.
Together, CES and CEP enable policy-based certificate enrollment for clients that are not domain members or are not connected to the domain.

Certification Authority Web Enrollment
It allows client computers to submit PKCS #10 requests.
It provides a browser-based, interactive method.
The default URL is “http://<CA Server name>/CertSrv”

Network Device Enrollment Service
It implements the Simple Certificate Enrollment Protocol (SCEP).
Network devices can use SCEP to enroll for certificates.

Online Responder
It is used to manage the configuration of the OCSP.
Online Certificate Status Protocol (OCSP) is used to determine the state of an identified certificate.

How to install Certification Authority and Certification Authority Web Enrollment:
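
One way to script this installation in PowerShell, as an added example that is not the author's original procedure. It assumes a domain-joined Windows Server and an Enterprise Admins account; the CA type, key length, hash algorithm and validity period are illustrative choices, not values from this page.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: Enterprise root CA, 4096-bit RSA key, SHA256,
# 10-year validity. Adjust these to your own PKI design.

$features = 'ADCS-Cert-Authority', 'ADCS-Web-Enrollment'

# 1. Add the role service binaries plus the management tools.
$result = Install-WindowsFeature -Name $features -IncludeManagementTools
if (-not $result.Success) {
    throw "Role service installation failed (exit code: $($result.ExitCode))"
}

# 2. Configure the Certification Authority role service.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 10 `
    -Force

# 3. Configure Certification Authority Web Enrollment (creates /CertSrv in IIS).
Install-AdcsWebEnrollment -Force

# 4. Confirm both role services report as installed.
Get-WindowsFeature -Name $features | Format-Table Name, InstallState

# 5. The default URL is plain HTTP. Warn if the site has no HTTPS binding yet,
#    because enrollment credentials and requests would cross the network in clear.
#    Assumption: the IIS WebAdministration module is available on this server.
Import-Module WebAdministration -ErrorAction Stop
$https = Get-WebBinding -Name 'Default Web Site' -Protocol https
if (-not $https) {
    Write-Warning 'No HTTPS binding on "Default Web Site": /CertSrv is reachable over HTTP only.'
}
```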

 

Author: Joe Chan
