A certificate is an electronic credential that authenticates the identity of users and computers. Certificates safeguard your intranet against forgery or impersonation by an outside party. If someone in your organization connects to a Web site or a server in another company, and that server has a certificate signed by an authority you trust, you can be confident that the company the certificate identifies actually operates the server.
Certificates are issued by a
Note: In Outlook, certificates are also known as digital IDs.
CAs revoke certificates when the private key associated with the certificate is compromised, or when the subject of the certificate leaves an organization. CAs maintain and publish a list of certificates that have been revoked, called the certificate revocation list (CRL). CAs also maintain a certificate trust list (CTL), which administrators can consider reputable for designated purposes. For example, Certificate Services can publish a CTL of valid certificates for authenticating users, and another one for secure e-mail. For more information, see the Windows 2000 documentation on Certificate Services.
Certificate Services issues industry-standard X.509v3 (version 3) certificates, which are recognized by
Outlook 97 and older versions do not support S/MIME. Instead, these clients use the proprietary Exchange 4.0/5.0 security message format, which uses X.509v1 (version 1) certificates. Because these clients cannot use the X.509v3 certificates issued by Certificate Services, KMS will continue to issue X.509v1 certificates to them. By default, only X.509v3 certificates will be issued to your Advanced Security users until you configure KMS to issue version 1 certificates.
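The version 1 and version 3 distinction described above is visible in the certificate encoding itself: in DER, the version is an optional [0]-tagged INTEGER at the start of the TBSCertificate, and its absence means version 1. The following Python is an added example, not part of the original documentation or of Certificate Services; the function names are hypothetical and the sample byte strings are constructed skeletons, not real certificates.

```python
# X.509 layout (RFC 5280): Certificate ::= SEQUENCE { tbsCertificate, ... }
# TBSCertificate ::= SEQUENCE { [0] EXPLICIT version DEFAULT v1, serialNumber, ... }

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def x509_version(der):
    """Return 1, 2 or 3 for a DER-encoded certificate."""
    tag, cert, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, tbs, _ = read_tlv(cert, 0)
    if tag != 0x30:
        raise ValueError("TBSCertificate is not a SEQUENCE")
    tag, first, _ = read_tlv(tbs, 0)
    if tag != 0xA0:                        # no [0] wrapper: version defaults to v1
        return 1
    tag, num, _ = read_tlv(first, 0)
    if tag != 0x02 or len(num) != 1 or num[0] > 2:
        raise ValueError("malformed version field")
    return num[0] + 1                      # encoded 0, 1, 2 means v1, v2, v3

def tlv(tag, value):
    """Build a short-form DER element (used only for the constructed samples)."""
    if len(value) > 127:
        raise ValueError("sample builder handles short-form lengths only")
    return bytes([tag, len(value)]) + value

# Constructed skeletons: just enough structure to carry a version and a serial.
SERIAL = tlv(0x02, b"\x01")
SAMPLE_V1 = tlv(0x30, tlv(0x30, SERIAL))
SAMPLE_V3 = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + SERIAL))

if __name__ == "__main__":
    for name, der in (("v1 sample", SAMPLE_V1), ("v3 sample", SAMPLE_V3)):
        print(name, "-> X.509 version", x509_version(der))
```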