Certificate Practice Statement (CPS)
AD CS component that provides a detailed explanation of how a particular Certification Authority manages certificates and keys.
Certification Authority (CA)
Entity, such as a Windows Server 2008 server running the AD CS server role, that issues and manages digital certificates for use in a PKI.
Certification Authority Web Enrollment
PKI feature that allows users to manually request certificates using a Web interface.
Certificate Revocation List (CRL)
PKI component that identifies certificates that have been revoked or terminated as well as the corresponding user, computer, or service.
DHCP enforcement
NAP enforcement method that relies on DHCP to enforce client compliance.
enforcement point
Server that houses the NAP Enforcement Server component.
enterprise CA
CA that is integrated with Active Directory to allow additional functionality.
health certificate
NAP component used to maintain information about the health compliance (or lack thereof) of a NAP client.
Health Registration Authority (HRA)
NAP component that can obtain health certificates from client computers when the IPSec enforcement method is in use.
intermediate CA
CA that is subordinate to a root CA within a hierarchical PKI infrastructure.
key archival
Process by which private keys in an Active Directory environment are maintained by the CA for retrieval by a recovery agent.
key recovery agents
User accounts that are configured with a Key Recovery Agent certificate that allows them to recover private keys on behalf of users/computers/services whose private keys have been lost or corrupted.
NAP administration server
NAP component that manages NAP server-side components.
NAP Agent
NAP component that maintains information about the health of the NAP client computer.
Online Responder
AD CS service that responds to requests from clients concerning the revocation status of a particular certificate, sending back a digitally signed response indicating the certificate’s current status.
private key
Component of public key cryptography that is only known to each individual certificate holder.
public key
Component of public key cryptography that is known to the public at large.
public key cryptography
Encryption method that uses a two-part key: a public key and a private key.
recovery agents
Configured within a CA to allow one or more users (typically administrators) in an Active Directory environment to recover private keys for users, computers, or services if their keys are lost.
revocation configuration
PKI configuration item that allows Online Responders to respond to client requests for certificate revocation status.
root CA
CA that is authoritative for all Certificate Services within a given network.
shared secret key
Cryptography method in which secret key information is known by both parties.
Simple Certificate Enrollment Protocol (SCEP)
Protocol used by the Network Device Enrollment Service.
Smart card
Small physical device, usually the size of a credit card or keychain fob, that has a digital certificate installed on it.
Smart card reader
Physical device attached to a workstation that allows users who use a smart card to authenticate to an Active Directory domain, access a Web site, or authenticate to other secured resources.
Statement of Health (SOH)
NAP component that indicates the status of a particular System Health Agent.
Statement of Health Response (SOHR)
NAP component generated by an SHV in response to client Statements of Health.
System Health Agent (SHA)
NAP component that maintains information and reporting on one or more elements of the health of a NAP client.
System Statement of Health (SSOH)
Collection of Statements of Health for all SHAs configured on a client computer.
System Statement of Health Response (SSOHR)
NAP component that combines individual Statement of Health Responses before returning them to the NAP enforcement client.
