nCipher modules Integration Guide for Microsoft Windows Server 2008 Active Directory Certificate Services Windows Server 2008 32-bit and 64-bit




Version: 1.8
Date: 05 March 2010
Copyright 2010 nCipher Corporation Ltd. All rights reserved.

These installation instructions are intended to provide step-by-step instructions for installing nCipher software with third-party software. These instructions do not cover all situations and are intended as a supplement to the nCipher documentation provided with nCipher products.

Disclaimer: nCipher Corporation Ltd disclaims all liabilities regarding third-party products and only provides warranties and liabilities with its own products as addressed in the Terms and Conditions for Sale.

nCipher is a registered trademark of nCipher Corporation Limited. Any other trademarks referenced in this document are the property of the respective trademark owners.

Contents

1. Introduction
2. Supported nCipher functionality
3. Requirements
4. Procedures
5. Installing the HSM
6. Installing the nCipher support software and creating the security world
7. Installing Microsoft Active Directory Certificate Services
   7.1. Installation procedure
   7.2. Display of windows by services
8. Migrating a certificate between certificate authorities
   8.1. Migrating from a Windows Server 2003 CA to a Windows Server 2008 CA
9. Setting up key use counting
   9.1. Key use counter overview
   9.2. Key use counter increments
   9.3. Installing Certificate Services with key use counting
   9.4. Keeping a record of the key count using Windows 2008 audit facilities
10. Interoperation notes
11. Addresses

1. Introduction

The nCipher HSM integrates with Microsoft Windows Server 2008 Active Directory Certificate Services (AD CS) on Windows Server 2008 to provide full key life-cycle management with FIPS certified hardware and to reduce the cryptographic load on the host server CPU. The benefits of using an HSM with AD CS include:

- Secure storage of the private key.
- FIPS 140-2 level 3 validated hardware.
- Improved server performance through offloading of cryptographic processing.
- Secure storage of certificates' private keys.
- Full life cycle management of the keys.
- Failover support.

This document explains how to set up and configure AD CS with an HSM. The instructions in this document have been thoroughly tested and provide a straightforward integration process. There may be other untested ways to achieve interoperability. This document may not cover every step in the process of setting up all the software.

This document assumes that you have read your HSM documentation and that you are familiar with the documentation and setup process for AD CS. For more information about installing the AD CS, refer to the Microsoft documentation.

The integration between the HSM and AD CS has been tested for the following combinations:

Operating system | nCipher version | PCI support | netHSM support | nShield Connect support
Windows Server 2008 32-bit and 64-bit | 11.11 | Yes | Yes | --
Windows Server 2008 32-bit and 64-bit | 11.30 | Yes | Yes | Yes

For more information about OS support, contact your Microsoft sales representative or Thales Support. For more information about contacting Thales, see Addresses at the end of this guide.

Additional documentation produced to support your nCipher product can be found in the document directory of the CD-ROM or DVD-ROM for that product.

Throughout this guide, the term HSM refers to nShield Solo modules, netHSM, and nShield Connect products. (nShield Solo products were formerly known as nShield).

2. Supported nCipher functionality

Soft Cards, Key Management, Strict FIPS Support, Key Recovery, Module Only Key, K-of-N Card Set, Key Generation, Key Import, Fail Over, Fall Back, Load Balancing, Preload support

3. Requirements

Before attempting to install the software, we recommend that you familiarize yourself with the AD CS documentation and setup process and that you have the nCipher documentation available. We also recommend that there be an agreed organizational Certificate Practices Statement and Security Policy/Procedure in place covering administration of the HSM. In particular, these documents should specify the following aspects of HSM administration:

- The number and quorum of Administrator Cards in the Administrator Card Set (ACS), and the policy for managing these cards.
- Whether the application keys are protected by the module or an Operator Card Set (OCS).
- The number and quorum of Operator Cards in the OCS, and the policy for managing these cards.
- Whether the security world should be compliant with FIPS 140-2 level 3.
- Key attributes such as the key size, persistence, and time-out.
- Whether there is any need for auditing key usage.
- Whether to use nCipher's Cryptographic Service Providers for Cryptographic API: Next Generation (CNG) or CryptoAPI (CAPI). We recommend that you use CNG for full access to available features and better integration with Windows Server 2008.

For more information, refer to the User Guide for the HSM.

4. Procedures

To set up and configure the AD CS with an HSM:

1. Install the HSM.
2. Install the nCipher Support Software, and configure the Security World.
3. Install Microsoft Active Directory Certificate Services.

In addition, this guide describes the following procedures:

- Migrating a certificate between certificate authorities.
- Setting up key use counting.

All these procedures are described in the following sections.

5. Installing the HSM

Install the HSM using the instructions in the Hardware Installation Guide for the HSM. We recommend that you install the HSM before configuring the nCipher software and before installing and configuring AD CS.

6. Installing the nCipher support software and creating the security world

To install the nCipher Software and create the security world:

1. Install the latest version of the nCipher support software as described in the User Guide for the HSM.
2. Initialize a security world as described in the User Guide for the HSM. You can also use the CSP Install Wizard or the CNG Configuration Wizard to create a Security World for nShield PCI HSMs. For nShield Connect modules and netHSMs, we recommend that you use the front panel user interface to create the Security World.
3. Register the Cryptographic Service Providers that you intend to use.
   - For CAPI on 64-bit Windows, both 32-bit and 64-bit CSP Install Wizards are available. If you intend to use nCipher's CAPI CSPs from both 32-bit and 64-bit applications, or if you are unsure, run both wizards.
   - The CNG Configuration Wizard registers the nCipher CNG Providers for use by both 32-bit and 64-bit applications where relevant.

   For detailed information on registering the nCipher CAPI CSPs or CNG Providers, see the User Guide for the HSM.

7. Installing Microsoft Active Directory Certificate Services

7.1. Installation procedure

If you intend to enable key use counting, read Setting up key use counting before proceeding.

To install and configure Microsoft Active Directory Certificate Services:

1. From the Windows Start menu, select Start > Administrative Tools > Server Manager. The Select Server Roles window appears.
2. Right-click Roles (on the left), and select Add Roles. The Select Server Roles window appears.
3. Ensure that Certification Authority is selected.
4. Optionally, if you want to submit certificate requests by means of a Web interface, ensure that Certification Authority Web Enrollment is selected.
5. Click Next. The Specify Setup Type window appears.
6. Select the appropriate Certification Authority (CA) setup type for your requirements:
   - Enterprise.
   - Standalone.

   If your machine is not a member of an Active Directory domain, only Standalone is available.
7. Click Next. The Specify CA Type window appears.
8. Select the type of Certification Authority (CA) for your requirements:
   - Root.
   - Subordinate.

   If your CA is to be the only CA, select Root. If you want to use multiple CAs, select Root or Subordinate according to where in the hierarchy this CA is to appear.

9. Click Next. The Set Up Private Key window appears.
10. Select the private key setup appropriate for your requirements:
   - For a typical installation, select Create a new private key.
   - If you have special requirements, such as Key Use counting, or if you are migrating from a previous CA, select Use existing private key.
11. Click Next. The Configure Cryptography for CA window appears.
12. If you have chosen to create a new private key, select a key algorithm and provider from a drop-down list:
   - We recommend that you select either RSA or one of the ECDSA curves (ECDSA_P256, ECDSA_P384 or ECDSA_P521) with the nCipher Security World Key Storage Provider. If you select ECDSA, also select a comparable size of hash algorithm: SHA256 with ECDSA_P256, SHA384 with ECDSA_P384 and SHA512 with ECDSA_P521.
   - If you are using the nCipher CAPI CSP, select the nCipher Enhanced Cryptographic Provider.

   Ensure that you select Use strong private key protection features. If you are using the nCipher CAPI or CNG providers and you do not select Use strong private key protection features, the AD CS installation can fail.

   AD CS does not support the use of standard DSA root keys. If you select a DSA key in the Configure Cryptography for CA window, the AD CS installation fails. For further information, see http://support.microsoft.com/kb/946387.
13. As prompted, enter a name for the CA.
14. As prompted, enter a certificate validity period.

After installing AD CS, you must register nFast Server as a dependency of the CA service, so that the nCipher CNG or CAPI CSPs are available for use before the CA starts up, by running the command:

    ncsvcdep -a certsvc

By default, the ncsvcdep.exe nCipher utility is installed in the %NFAST_HOME%\bin directory.

7.2. Display of windows by services

In order to improve security, Windows Server 2008 does not allow services to display a window on the desktop that can be generally seen by users. Instead, any windows created by services are presented on what is termed the Session 0 desktop. Users are alerted to the fact that a service is trying to display a window by a dialog box.

If your CA private key is protected by an OCS, Certificate Services may need to display dialogs prompting the user to insert Operator Cards or enter pass phrases. In such cases, the Interactive services dialog detection window appears and the user must select Show me the message.

8. Migrating a certificate between certificate authorities

You can choose to move a certificate from one CA server to another. Such certificate migration may be appropriate in cases such as:

- Upgrading from a Windows Server 2003 CA to a Windows Server 2008 CA.
- Reinstalling Windows Server 2008 on a new computer.

This section describes the procedures to use when an HSM is involved in such a certificate migration.

8.1. Migrating from a Windows Server 2003 CA to a Windows Server 2008 CA

To migrate a certificate and private key protected by an HSM from a Windows Server 2003 CA to a Windows Server 2008 CA:

1. On Windows Server 2003:
   a. Back up the key management data, located in:
      - nCipher Support Software versions earlier than 11.03: %NFAST_HOME%\kmdata\local (by default, C:\nfast\kmdata\local).
      - nCipher Support Software versions 11.03 or later: %NFAST_KMDATA%\local (by default, C:\ProgramData\nCipher\Key Management Data\local).
   b. Ensure that you keep any of the Security World's Administrator Cards and Operator Cards because you will need them to restore the Security World and access the keys.
2. On Windows Server 2008:
   a. Install the nCipher Support Software.
   b. Stop the nFast Server service by running the command:

          net stop "nFast Server"

   c. Replace the Key Management Data folder %NFAST_KMDATA%\local (by default, C:\ProgramData\nCipher\Key Management Data\local) with the key management files you backed up from the Windows 2003 installation.
   d. Start the nFast Server service by running the command:

          net start "nFast Server"

   e. If one or more of the HSMs you intend to use must be added to the Security World, follow the instructions in the User Guide for the HSM. You must have a quorum of Administrator Cards from the Security World.
   f. Either continue using the nCipher CAPI private key from the original CA with CAPI, or import your existing CAPI key into the nCipher CNG key storage provider:
      - If you plan to use CAPI, run the CSP Install Wizard(s), and select the existing CAPI key when running the AD CS role installation wizard.
      - If you wish to import your existing CAPI key into CNG, first run the CNG Configuration Wizard, then identify the nCipher key file name that corresponds to the signing key in the named CAPI container, by running the command:

            csputils -m -d -n SAMPLE-CAPI-CONTAINER-CA

        This command produces output of the form:

            Detailed report for container ID #00c1deb83de30a7015e15e8e9e763742fc3e1d48
            Filename: key_mscapi_container-00c1deb83de30a7015e15e8e9e763742fc3e1d48
            Container name: SAMPLE-CAPI-CONTAINER-CA
            Container is a machine container.
            CSP DLL name: ncsp.dll
            Filename for signature key is key_mscapi_eea3d453a94b8890f5fc4c2e920c93813ee6d5ee
            Key was generated by the CSP
            Key hash: eea3d453a94b8890f5fc4c2e920c93813ee6d5ee
            Key is recoverable.
            Key is cardset protected.
            Cardset name: SampleCardset
            Sharing parameters: 1 of 1 shares required.
            Cardset hash: 22f94c0d459594b230da3255af46d7446af81d42
            Cardset is non-persistent.
            No key exchange key.
            Detailed report for container ID #736289b47d43712053edb23bfe0cae4085d2a2e7

        You require the Key hash from this output to identify the signing key to the cngimport tool:

            cngimport --import --machine-key --key=eea3d453a94b8890f5fc4c2e920c93813ee6d5ee --appname=mscapi NEW-CNG-KEY-NAME-CA

        Confirm that the key has been imported successfully by running the command:

            cnglist --list-keys

   g. Follow the procedure for installing Microsoft Active Directory Certificate Services in Installation procedure until the Set up Private Key window appears.
   h. In the Set up Private Key window, select Existing Private Key.
   i. Select AD CS > Private Key > Existing Key (on the left-hand side of the window).

   j. Select the existing CA key in Select the key that you want to use for this CA (on the right-hand side of the window).
   k. Complete the remainder of the procedure for installing Microsoft Active Directory Certificate Services as described in Installation procedure.

After you complete the remainder of the AD CS installation procedure, the Windows Server 2008 CA is successfully configured with the private key that was generated when the original Windows Server 2003 CA was installed.

9. Setting up key use counting

Setting up key use counting is optional; the procedure described in this section does not apply to most setups. If you do not follow the procedure described in the section, key use counting is not installed. You cannot add key use counting to a key retrospectively. If you require key use counting, follow the instructions for the procedure described in this section.

9.1. Key use counter overview

The key use counter is used to audit usage of the Certification Authority (CA) signing key; it maintains a count of how many times the key has been used. We recommend the key use counter for use principally with a root CA that undergoes a low volume of signings in which the count can be logged immediately before servicing a signature request and after the signature request has been serviced. This ensures that any illicit use of the CA is revealed through discrepancies in the counter log.

You also need to consider the following information about the key use counter:

- The counter resides in the NVRAM of the HSM.
- The counter is a 64-bit integer counter associated with a single private key.
- The counter is started at zero. If the maximum count is reached, the counter restarts at zero.
- The counter can exist only on one HSM. If more than one HSM is attached to the server, you must choose which HSM stores the counter.
- If the module firmware is upgraded, the counter value is lost.
- If the certification authority start-up event in the Security log wrongly reports a usage count of zero for the signing key, see http://support.microsoft.com/kb/951721.

9.2. Key use counter increments

The key use counter increments are dependent on the type of CA (such as offline or online issuing) and the cryptographic operations that are executed by the CA to service a certificate signature request (CSR). The key counter is incremented by values that range from zero to three. The CA audit logs record the key use count whenever the CA is started or stopped.

9.3. Installing Certificate Services with key use counting

To install Certificate Services with key use counting:

1. If it is not already present on your system installation, create the file %SystemRoot%\capolicy.inf (where %SystemRoot% is the system environment variable for the Windows installation folder, by default C:\WINDOWS\capolicy.inf) with the following content:

       [Version]
       Signature="$Windows_NT$"
       [certsrv_server]
       EnableKeyCounting=1

   You must create the capolicy.inf file before Certificate Services is installed.
2. Generate a key with use counting enabled in the specified container by running the command:

       keytst.exe -m -s -c <SAMPLE-CA-NAME>

   In this command, <SAMPLE-CA-NAME> can be your choice of key name.
3. To generate a CNG key with use counting enabled, ensure %NFAST_HOME%\bin is set in your PATH, and run the command:

       cngsoak -s -l <RSA_KEY_SIZE> -C -k machine --nc -o 1 -t 1 -n <SAMPLE-CA-NAME>

   In this command, <RSA_KEY_SIZE> is the size of the RSA key and <SAMPLE-CA-NAME> can be your choice of key name. For CNG keys created with the cngsoak utility, the initial count is 1 instead of 0. You cannot use ECDSA with key use counting because the CA only supports the use of existing nCipher RSA private keys.
4. After you have generated a suitable key, follow the procedure for installing Microsoft Active Directory Certificate Services in Installation procedure until the Set up Private Key window appears.
5. In the Set up Private Key window, select Existing Private Key, and select the key that you generated with key use counting enabled.

9.4. Keeping a record of the key count using Windows 2008 audit facilities

Windows 2008 provides the facility to keep an audit record of the key count every time the CA is stopped or started. To enable this facility:

1. Right-click on the CA and open its Properties dialog.

2. Select Start and stop Active Directory Certificate Services (under Events to audit on the Auditing tab).
3. From the Windows Start menu, run secpol.msc. The Local Security Policy window appears.
4. Select Audit Policy (on the left-hand side of the window), and enable Object access auditing for success and failure (on the right-hand side of the window).
5. Update the local security policies by opening a command prompt and running the command:

       gpupdate.exe /force

Windows 2008 now keeps an audit record of the key count every time the CA is stopped or started. The audit records contain a record of the key use count. To view audit records, open the Event Viewer and navigate to Windows Logs > Security. The audit records have an Event ID of 4880.

10. Interoperation notes

To ensure successful integration of an nCipher HSM with Certificate Services on Windows Server 2008, take note of the following:

- In Strict-FIPS security worlds, you cannot use ECDSA as either the CA certificate signing algorithm or for any certificate requests submitted to the CA. For information about a fix for this issue consult Microsoft support, reference 952722.
- The CA in Windows Server 2008 no longer supports the use of DSA with any Cryptographic Service Provider.
- You cannot currently configure the CA to use an existing ECDSA private key during Certificate Services installation.
- You cannot use the Create New Private Key option during the Certificate Services installation to generate keys with a use count. In such a case, if you want to use key use counting, you must use an existing private key. For more information, see Setting up key use counting.
- The use of a particular Cryptographic Service Provider for the CA private key does not prevent other CSPs being used for the private keys of certificate requests submitted to the CA.
- After installing Certificate Services, you must run the command ncsvcdep -a certsvc to ensure that the CA service waits for the nCipher software to become available before starting. Failure to run this command can result in the CA not starting after a server reboot.
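The counter-log comparison described in sections 9.1, 9.2 and 9.4, as an added example that is not part of the original guide or of any nCipher or Microsoft tool: it walks a sequence of CA start/stop key-count records and reports discrepancies. The CSV layout, the operator-kept `requests` column and the sample rows are constructed for this example, and it assumes the CA service is the only user of the key and that certificate requests are the only signing done in a run.

```python
"""Check CA signing-key use counts logged at each CA service start and stop."""
import csv
import io

MAX_PER_REQUEST = 3      # guide: one request adds between zero and three
COUNTER_MAX = 2**64 - 1  # guide: the counter is a 64-bit integer

# Constructed sample: one row per start/stop audit record, oldest first.
# The CSV layout is an assumption of this example, not a Windows export format.
# "requests" is the operator's own tally of signing requests for that run.
SAMPLE_LOG = """\
time,event,count,requests
2010-03-01T09:00,start,1,
2010-03-01T09:40,stop,4,1
2010-03-08T09:00,start,4,
2010-03-08T09:30,stop,12,2
2010-03-15T09:00,start,15,
2010-03-15T09:20,stop,15,0
2010-03-22T09:00,start,0,
"""


def load_records(text):
    """Parse the CSV text into dicts, validating event names and counts."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        event = row["event"].strip().lower()
        count = int(row["count"])
        if event not in ("start", "stop"):
            raise ValueError(f"unknown event {event!r} at {row['time']}")
        if not 0 <= count <= COUNTER_MAX:
            raise ValueError(f"count out of 64-bit range at {row['time']}")
        requests = row.get("requests") or ""
        records.append({
            "time": row["time"],
            "event": event,
            "count": count,
            "requests": int(requests) if requests.strip() else None,
        })
    return records


def audit(records):
    """Return (time, code, detail) for each discrepancy between neighbours."""
    findings = []
    for prev, cur in zip(records, records[1:]):
        delta = cur["count"] - prev["count"]
        if prev["event"] == cur["event"]:
            findings.append((cur["time"], "MISSING_RECORD",
                             f"two consecutive {cur['event']} records"))
        if delta < 0:
            # Causes named in the guide: firmware upgrade, restart at zero
            # after the maximum, or the counter living on a different HSM.
            findings.append((cur["time"], "COUNTER_RESET",
                             f"count fell from {prev['count']} to {cur['count']}"))
        elif prev["event"] == "stop" and cur["event"] == "start" and delta:
            # The CA service was not running, so nothing should have signed.
            findings.append((cur["time"], "USED_WHILE_STOPPED",
                             f"{delta} use(s) since stop at {prev['time']}"))
        elif (prev["event"] == "start" and cur["event"] == "stop"
              and cur["requests"] is not None
              and delta > MAX_PER_REQUEST * cur["requests"]):
            findings.append((cur["time"], "EXCESS_USE",
                             f"{delta} uses for {cur['requests']} request(s)"))
    return findings


if __name__ == "__main__":
    for time, code, detail in audit(load_records(SAMPLE_LOG)):
        print(f"{time}  {code:<18}  {detail}")
```

A COUNTER_RESET finding is not proof of misuse, since the guide lists legitimate causes, but each one should be matched against a recorded firmware upgrade or HSM change before it is closed.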

11. Addresses

Americas
2200 North Commerce Parkway, Suite 200, Weston, Florida 33326, USA
Tel: +1 888 744 4976 or +1 954 888 6200
sales@thalesesec.com

Asia Pacific
Units 2205-06, 22/F Vicwood Plaza, 199 Des Voeux Road Central, Hong Kong, PRC
Tel: +852 2815 8633
asia.sales@thales-esecurity.com

Australia
103-105 Northbourne Avenue, Turner, ACT 2601, Australia
Tel: +61 2 6120 5148
sales.australasia@thales-esecurity.com

Europe, Middle East, Africa
Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ, UK
Tel: +44 (0)1844 201800
emea.sales@thales-esecurity.com

Internet addresses
Web site: www.thalesgroup.com/iss
Support: http://iss.thalesgroup.com/en/support.aspx
Online documentation: http://iss.thalesgroup.com/resources.aspx
International sales offices: http://iss.thalesgroup.com/en/company/contact%20us.aspx