›› Certificate Services
Microsoft's Certificate Services allow you to be your own certification authority (CA) and receive requests for certificates, issue and revoke certificates, verify the message and identity of the requester, and publish a Certificate Revocation List (CRL). Overall, Certificate Services gives you the ability to manage certificates with the Public Key Infrastructure (PKI). If this all makes perfect sense to you, great! It's probably safe for you to skip down to the bottom of the page. If not, then don't worry, more explanation follows.
Let's back up here a minute and explain a few things first. You may be wondering to yourself what a certificate is and how it's used. A certificate, or a digital certificate, is an electronic attachment to any data, file, or email that contains information that is able to prove your identity online. Certificates were created for security purposes in order to ensure that the sender of a message is who they say they are, the message gets read only by the intended party, and that the message does not get altered on its way to the recipient. Since the Internet can be a potentially hostile place for private communication, certificates have been used for a number of reasons including: sending secure email, transferring encrypted data over the Web, placing online orders with a credit card, and so on.
Certificates are issued by a certification authority (CA). A CA is a trusted third-party organization that verifies your identity to validate that you are who you claim to be. They are almost like a notary in that they are the ones that give the official public seal of approval on your identity over the Web. Certificates typically contain information like your name, an expiration date, a serial number, a digital signature from the CA so that the recipient will know that the certificate is authentic, and a copy of your public key.
Since a public key is included in your certificate, you may be wondering what a public key is. In the world of cryptography, the science of encrypting and decrypting information for security purposes, public/private key pairs are very important in the process of sending and transferring secure data over the Web. The public key is a random value of numbers and letters, generated by an algorithm, that is accessible to everyone since it gets published on the Web as being your unique public key, and it allows for the encryption of messages and information. A private key is also a series of numbers and letters that gets generated simultaneously by the same algorithm as the public key, but it is used to decrypt data and it is only known to the recipient of the message, not everyone. Public/private key pairs, certificates, certification authorities, and so on are all part of a Public Key Infrastructure (PKI). PKI is the name given to the whole system that allows for information to be sent over the Internet in a secure manner using public/private key pairs, certificates, and so on.
An example of how this crazy system works is definitely in order. If you're lost, hopefully this will help. Let's say that Bob is the president and Mary is the head of Human Resources for the same company. Let's say that Bob is interested in obtaining a report that contains all employees' salaries in the company. Bob would like Mary to prepare the report and email it to him since his office is in Atlanta and Mary's office is in Chicago. Since Bob does not want this report to get intercepted by the wrong people, he wants to use a PKI system to ensure that the message is safe over the Web. Bob goes to a certification authority and shows them proof of identification in order to obtain a certificate. His certificate includes a public/private key pair. His private key is known only to him and is never made public, but his public key is published in a directory by the CA so that anyone that wants to send Bob an encrypted message now has access to his public key. Well, Mary now has Bob's public key from the CA directory, so she uses Bob's public key to encrypt the data in the report. She sends off the encrypted data to Bob, who then receives the message and has to use his private key to decrypt it in order to read the data. Only Bob's private key will work to read the report, so if anyone intercepted the message, they would not be able to read the data. Thus, Mary and Bob know that Bob is the only one that can view the report. In the future, Bob can use Microsoft's Certificate Services to become his own certification authority and issue and revoke certificates for others.
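The Bob and Mary exchange above can be reproduced in PowerShell with the .NET RSACng class. This is an added example, not part of the original page; it assumes Windows with .NET Framework 4.6 or later (or PowerShell 7 on Windows), and the variable names and the sample report text are constructed for illustration.

```powershell
# Added illustration of the Bob/Mary walkthrough (not from the original page).
$oaep = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256

# Bob generates a 2048-bit key pair. The private half stays inside $bob.
$bob = [System.Security.Cryptography.RSACng]::new(2048)
# $false exports the public parameters only; this is what a CA would certify.
$bobPublic = $bob.ExportParameters($false)

# Mary holds nothing but Bob's public key.
$mary = [System.Security.Cryptography.RSACng]::new()
$mary.ImportParameters($bobPublic)

# Constructed sample data. RSA-OAEP only fits short messages (about 190 bytes
# with a 2048-bit key), so real mail encryption wraps a symmetric key this way
# and encrypts the report body with that key.
$report = [System.Text.Encoding]::UTF8.GetBytes('Constructed sample: salary report')
$cipher = $mary.Encrypt($report, $oaep)

# Bob decrypts with his private key.
$plain = [System.Text.Encoding]::UTF8.GetString($bob.Decrypt($cipher, $oaep))
"Bob reads: $plain"

# Mary's object has no private key, so even she cannot reverse the operation.
try   { $null = $mary.Decrypt($cipher, $oaep); 'Mary (public key only): decrypted' }
catch { 'Mary (public key only): decryption failed' }

# Someone who intercepts the message and tries an unrelated private key fails too.
$other = [System.Security.Cryptography.RSACng]::new(2048)
try   { $null = $other.Decrypt($cipher, $oaep); 'Interceptor: decrypted' }
catch { 'Interceptor: decryption failed' }

$bob.Dispose(); $mary.Dispose(); $other.Dispose()
```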
If you are the average home user and you do not want to use the PKI system and you have no interest in becoming a CA, then it is safe to Disable this one. If you plan on becoming a CA yourself, then you will want this one set to Automatic. If you do use this service and you do decide to disable or stop it later on, Microsoft warns that certificate requests will not be accepted and the CRLs will not be published. If you allow Certificate Services to be disabled long enough, you run the risk of losing validation on existing certificates.
Service Name | CertSvc |
Display Name | Certificate Services |
Executable File Name | certsvc.exe |
Dependencies | None |
Reciprocal Dependencies | None |
Default Startup Type | Automatic |
Recommended Startup Type | Disabled (if you do not use certificates), Automatic (if you do use certificates) |
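One way to apply the startup recommendation in the table from an elevated PowerShell session. This is an added example, not from the original page; the function name `Set-CertSvcStartup` and its `-HostIsCA` switch are hypothetical names chosen here, while `CertSvc` is the service name given in the table.

```powershell
# Added example (not from the original page). Run from an elevated session.
function Set-CertSvcStartup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Hypothetical switch: pass it only on a machine that is meant to act as a CA.
        [switch]$HostIsCA
    )

    # Win32_Service exposes both the run state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='CertSvc'"
    if (-not $svc) {
        Write-Output 'CertSvc is not installed on this host; nothing to change.'
        return
    }
    Write-Output ('CertSvc before: State={0}, StartMode={1}' -f $svc.State, $svc.StartMode)

    if ($HostIsCA) {
        # A CA must keep the service up, otherwise certificate requests are
        # refused and CRLs stop being published.
        if ($svc.StartMode -ne 'Auto' -and $PSCmdlet.ShouldProcess('CertSvc', 'Set startup type to Automatic')) {
            Set-Service -Name CertSvc -StartupType Automatic
        }
        if ($svc.State -ne 'Running' -and $PSCmdlet.ShouldProcess('CertSvc', 'Start service')) {
            Start-Service -Name CertSvc
        }
    }
    else {
        # Not a CA: stop the service first, then keep it from starting again.
        if ($svc.State -eq 'Running' -and $PSCmdlet.ShouldProcess('CertSvc', 'Stop service')) {
            Stop-Service -Name CertSvc
        }
        if ($svc.StartMode -ne 'Disabled' -and $PSCmdlet.ShouldProcess('CertSvc', 'Set startup type to Disabled')) {
            Set-Service -Name CertSvc -StartupType Disabled
        }
    }

    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='CertSvc'"
    Write-Output ('CertSvc after:  State={0}, StartMode={1}' -f $after.State, $after.StartMode)
}

# Preview the change without applying it:
Set-CertSvcStartup -WhatIf
```

Drop `-WhatIf` to apply the change, and add `-HostIsCA` on a machine that issues certificates.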