Updated: August 13, 2009
Applies To: Windows Server 2003 with SP1
By David B. Cross and Carsten B. Kinder, Microsoft Corporation
In This White Paper
About This Document (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure)
Overview of the PKI Design Process (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure)
Integration Into Existing Environments (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure)
Windows Server 2003 PKI and Dependencies (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure)
Deployment Planning (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure)
Creating Certificate Policies and Certificate Practice Statements
Example Scenario for Contoso
Stand-alone Offline Intermediate CA (IntermediateCA1)
Stand-alone Offline Intermediate CA (CorporateSub2CA)
Online Enterprise Issuing CAs (CorporateEnt1CA)
Certification Authority Maintenance
Appendix A: Directory Objects
Contents of \\Localhost\CertConfig and \\Localhost\CertEnroll
Relationship of the Configuration Container and Certificate Store
Default CA Certificate and CRL Storage
Mapping Custom Object Identifiers to Friendly Names
CAPolicy.inf Syntax
CRL Distribution Point Replacement Token
CRL Publishing Properties
AIA Publishing Properties
Sample Script to Configure CorporateRootCA
Sample Script to Configure IntermediateCA
Sample Script to Configure the EnterpriseSubCA
Appendix B: Parameters for a Three-Tier CA Topology
Appendix C: Additional Information