Active Directory Certificate Services (AD CS)

Active Directory Certificate Services (AD CS) provides the public key infrastructure (PKI) functionality that underpins identities and other security features on the Windows domain (e.g. file encryption, email encryption, and network traffic encryption). It can create, validate and revoke public key certificates for an organization's internal use.

According to Microsoft, AD CS is a “Server Role that allows you to build a public key infrastructure (PKI) and provide public key cryptography, digital certificates, and digital signature capabilities for your organization.”

Frequently Asked Questions
What are the benefits of using AD CS?

AD CS provides an organization with the PKI required to use digital certificates for securing web servers (SSL/TLS), certificate-based authentication, digital signatures for documents, email encryption (S/MIME), etc. Without AD CS, an organization would have to rely on a third party to provide these services or forgo deploying certificates.

Does running Active Directory Certificate Services require running my own CA?

Running AD CS means that you are running your own CA.

Why should I use Active Directory Certificate Services?

AD CS provides an organization with the PKI required to use digital certificates for securing web servers (SSL/TLS), certificate-based authentication, digital signatures for documents, email encryption (S/MIME), etc.