1 00:00:09,420 --> 00:00:18,480 After you design and deploy a CA hierarchy, you must configure various options for CAs. You must have efficient 2 00:00:18,510 --> 00:00:29,380 methods for CA hierarchy management and for configuring security options or auditing and monitoring. AD 3 00:00:29,380 --> 00:00:34,360 CS provides several methods for CA hierarchy management. 4 00:00:34,650 --> 00:00:44,010 In this section, you'll learn how to administer and manage a CA hierarchy and CAs. So after completing 5 00:00:44,010 --> 00:00:54,330 the section, you'll be able to explain how to manage CAs, describe how to configure CA security, describe 6 00:00:54,330 --> 00:01:04,140 how to configure security roles for CA administration, describe how to configure CA policy and exit 7 00:01:04,140 --> 00:01:15,060 modules, describe how to configure CDP and AIA locations, and configure CA properties. 8 00:01:15,570 --> 00:01:24,140 But before we start the section, as usual, let's answer several pre-assessment questions. 9 00:01:24,170 --> 00:01:31,820 Question one: which of the following options are true statements regarding role-based administration 10 00:01:31,850 --> 00:01:35,210 of your AD CS deployment? 11 00:01:35,420 --> 00:01:46,070 Option 1: AD CS automatically creates three built-in roles and groups for CA administrator, cert manager, 12 00:01:46,190 --> 00:01:49,960 and enrollee. Option 2: 13 00:01:50,090 --> 00:01:56,990 You can grant AD CS role groups one or more of the following CA permissions: 14 00:01:56,990 --> 00:02:04,700 Manage CA, Issue and Manage Certificates, Read, and Request Certificates. 15 00:02:04,700 --> 00:02:05,780 Option 3:
16 00:02:05,840 --> 00:02:15,950 You can limit the Issue and Manage Certificates CA permission to a specific template or set of templates. 17 00:02:16,890 --> 00:02:25,290 Option 4: you can create custom AD CS role groups based on the specific needs of your organization. 18 00:02:25,860 --> 00:02:34,590 And the last option is: the Authenticated Users security principal can enroll for any certificate that 19 00:02:34,590 --> 00:02:44,490 is published on a CA. Now stop here and think about the correct answers. And the correct answers are option 20 00:02:44,490 --> 00:02:52,100 2, option 3, and option 4. Role-based administration in AD CS 21 00:02:52,140 --> 00:02:56,640 is a concept, not a feature that is installed automatically. 22 00:02:56,880 --> 00:03:04,710 Therefore, you must manually create any role groups. After you have created a role group, you can assign 23 00:03:04,710 --> 00:03:09,530 it to one or more of the following CA permissions: 24 00:03:09,960 --> 00:03:15,890 Manage CA, Issue and Manage Certificates, Read, Request Certificates. 25 00:03:16,080 --> 00:03:22,620 You can customize the roles according to the needs of your organization, including restriction of the 26 00:03:22,620 --> 00:03:29,870 Issue and Manage Certificates permission to a specific template or set of templates. 27 00:03:29,880 --> 00:03:38,430 The Authenticated Users security principal can request a certificate, but the certificate template 28 00:03:38,730 --> 00:03:45,530 controls the ability to enroll, not the CA itself. 29 00:03:45,540 --> 00:03:53,880 Now let's answer the second question: which of the following are true statements regarding the AIA and 30 00:03:53,980 --> 00:03:58,950 CDP extensions of a CA? We have 5 4 options. 31 00:03:59,010 --> 00:04:00,050 Option 1:
32 00:04:00,090 --> 00:04:09,090 Each extension requires a minimum of 2 valid and accessible URLs for certificate validation to 33 00:04:09,090 --> 00:04:19,090 function properly. Option 2: you can manually publish offline and standalone CA certificates and CRLs 34 00:04:19,580 --> 00:04:22,500 in the AD DS environment. 35 00:04:22,520 --> 00:04:23,770 Option 3: 36 00:04:23,780 --> 00:04:34,400 The order in which you specify AIA and CDP URLs is not as important, as the certificate chaining engine 37 00:04:34,730 --> 00:04:43,840 automatically orders locations based on the fastest connection. Option 4: to facilitate certificate 38 00:04:43,840 --> 00:04:46,870 validation for external clients, 39 00:04:46,870 --> 00:04:57,760 you should publish external AIA and CDP URLs by using HTTP through a Windows Server 2016 Web Application 40 00:04:57,760 --> 00:04:58,690 Proxy. 41 00:04:59,050 --> 00:05:07,420 And the last option is: if you are using an enterprise CA, internal certificate validation will work without 42 00:05:07,510 --> 00:05:09,670 any additional configuration. 43 00:05:10,060 --> 00:05:20,730 Press pause here and think about it. And the correct answers are option 2, option 4, and option 5. For 44 00:05:20,720 --> 00:05:29,370 certificate validation to function, the AIA and CDP extensions must contain a minimum of 1 valid and 45 00:05:29,370 --> 00:05:37,830 accessible URL. For offline and standalone CAs, you can manually publish the CA certificate and CRL 46 00:05:37,830 --> 00:05:48,480 into AD DS. The order of AIA and CDP URLs is important, as the certificate chaining engine will search 47 00:05:48,480 --> 00:05:50,130 them sequentially. 48 00:05:50,370 --> 00:05:52,150 You should place the URLs 49 00:05:52,260 --> 00:05:55,760 most likely to be available at the top of the URL 50 00:05:55,770 --> 00:05:56,360 order.
51 00:05:57,280 --> 00:06:06,080 To facilitate certificate validation for external clients, you can publish AIA and CDP URLs by using 52 00:06:06,220 --> 00:06:13,950 HTTP through a Windows Server 2016 Web Application Proxy or other third-party 53 00:06:14,060 --> 00:06:23,600 reverse proxy solution. If you are using an enterprise CA, certificate validation will 54 00:06:23,600 --> 00:06:31,520 work automatically for internal clients, but might require further configuration in other scenarios. 55 00:06:31,520 --> 00:06:41,060 So after completing this assessment, let's get started and begin this section, which is administering 56 00:06:41,070 --> 00:06:44,080 CAs elsewhere in the next lesson.