PKI - What is the equivalency of a Registration Authority (RA) in AD Certificate Services?

Question

What is the equivalency of a Registration Authority (RA) in AD Certificate Services? I was reading documentation on TechNet (the best ever, jk) and it had explained that NDES was technically the replacement for a RA. Is this correct?

score 0 · Answer 1 · answered Jun 07 '16 at 18:16

0

It is the "issuing" certificate authority server.

answered Jun 07 '16 at 18:16

Greg Askew

35,880
5
54
82

score 0 · Answer 2 · answered Jun 07 '16 at 20:11

If you are using the WCCE protocol to automate the process of requesting and receiving certificates then the CA that issues the certificate in conjunction with Active Directory is the Registration Authority.

If you are receiving requests manually and have a CA Operator process and approve them, then that individual (or organisation) is the Registration Authority.

NDES (which is a Microsoftism for SCEP) will instruct the CA to issue a certificate to a particular device, but the human CA operators are also involved as they must issue the NDES password to the network device administrators, therefore that step could be considered as the registration too.

PKI - What is the equivalency of a Registration Authority (RA) in AD Certificate Services?

2 Answers2