Active Directory Certificate Services
Active Directory Certificate Services enables organizations to implement a public key infrastructure so they can deploy and manage public key cryptography, digital certificates, and digital signature capabilities for users and devices.
The first version of came with Windows Server 2008,the previous versions were simply known as Certificate Services.
AD CS is composed of several role services that perform different tasks for clients. One or more of these role services can be installed on a server as required. These services are as follows:
Certification Authority: Installs the core CA component, which allows a server to issue, revoke, and manage certificates for clients. This role can be installed on multiple servers within the same root CA chain.
Certification Authority Web Enrollment: Handles the web-based distribution of certificates to clients.Requires Internet Information Services to be installed on the server.
Online Responder: Responds to individual client requests regarding information about the validity of specific certificates.Used for complex or large networks.
Certificate Enrollment Web Service: Enables users and computers to enroll for certificates remotely or from nondomain systems via HTTP.
Certificate Enrollment Web Policy Service: Works with the related Certificate Enrollment Web Service, but only provides policy information rather than certificates.
Network Device Enrollment Service: Streamlines the way that network devices such as routers receive certificates.