
Designing Root CAs

Updated: March 28, 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A CA infrastructure consists of a hierarchy of CAs that trust one another and authenticate certificates belonging to one another. Within this infrastructure, a final authority, called a root CA, must be in place. The root CA certifies other certification authorities to publish and manage certificates within the organization. Before you establish a CA hierarchy, you must determine the following:

  • Who designates the root certification authority in the organization. For example, determine whether this is the responsibility of central IT, divisional IT departments, or a third-party organization.

  • Where the root certification authority is to be located.

  • Who manages the root certification authority.

  • Whether the role of the root CA is only to certify other certification authorities, or also to serve certificate requests from users.

After you have made these determinations, you can define the roles for any additional certification authorities, including who manages them and what trust relationships they have with other CAs. For more information about CA roles, see "Defining CA Roles in the Trust Hierarchy" later in this chapter.

© 2014 Microsoft. All rights reserved.