Export (0) Print
Expand All

Selecting an Extended CA Infrastructure Configuration

Updated: March 28, 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can use one of three configurations to create an extended CA trust infrastructure:

  • Third-party root CA. Use a third-party CA as a root CA for a new extended CA hierarchy shared between two organizations.

  • New root CA. Establish your own new root CA to combine separate CA hierarchies for two organizations.

  • Cross-certification and qualified subordination . Keep the existing CA hierarchies separate, but use cross-certification and qualified subordination to implement as much or as little trust as needed between the two organizations.

There are advantages and disadvantages to each approach. If you need to extend your CA infrastructure to include third-party PKIs, you need to evaluate the requirements of your organization to determine the method that is most appropriate for you.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft