Server Licensor Certificates
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
A server licensor certificate grants to an RMS server the right to issue certificates and licenses. When the first server in the root cluster of your RMS deployment is provisioned, it receives a server licensor certificate from the Microsoft Enrollment Service. This process is called enrollment. This certificate contains the public key of the root cluster, and it is signed by the private key of the Enrollment Service. Other servers that are added to the root cluster share this certificate.
During provisioning, the first server in a licensing-only cluster receives a server licensor certificate from the RMS root cluster in a process that is called subenrollment. This certificate contains the public key of the licensing-only cluster, and it is signed by the private key of the root cluster. Other servers that are added to the licensing-only cluster share this certificate.
The following table lists the rights that are granted to servers by server licensor certificates.
| Grants the right to issue | Server licensor certificate that is issued to a server in the root cluster | Server licensor certificate that is issued to a server in a licensing-only cluster |
|---|---|---|
Rights account certificates |
Yes |
No |
Publishing licenses |
Yes |
Yes |
Use licenses |
Yes |
Yes |
Subordinate server licensor certificates |
Yes |
No |
Client licensor certificates |
Yes |
Yes |
Note
RMS does not require separate licensing-only cluster, but separate licensing-only clusters can be used to offload licensing requests that are from the root cluster. Administrators may also want to set up licensing-only cluster to meet the needs of internal organizations that require direct control over publishing secure content. For example, general corporate policies that are implemented in the rights policy templates of the root cluster may not specify some of the rights that are required by a particular department. In this case, the department may deploy a separate licensing-only cluster to store its rights policy templates and handle its licensing requests.