What Do I Do with Certificates?
Once your enterprise users have obtained certificates, there are a multitude of uses for them. Applications can use them to prove your identity, send encrypted information, and provide nonrepudiation of data. It is important to note that applications must be written specifically to take advantage of certificate-based security. Users cannot take advantage of all the benefits of certificates without supporting software.
Users can, however, manage their certificates and certificate stores. As we’ll see in later chapters, very little certificate management is done on the Windows Server 2003 family certification authority. This means that virtually all certificate management happens on or at the request of the user’s computer. As we’ll see, some of this management is done automatically with no user intervention or knowledge, and some requires user understanding and cooperation.
Distributing Certificates
You have already read that certificates have numerous purposes, depending on the applications deployed. Most of those applications require that you have obtained someone else’s certificate—specifically, that of the user or computer you want to securely communicate with. Without that information, you cannot authenticate the recipient and do not have the public key with which to encrypt sensitive data. You must obtain this certificate to proceed with operations that require it.
The most basic way to obtain another user’s certificate is to ask her to send it to ...
Get Securing Windows Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.