By David B. Cross and Ayman AlRashed

Microsoft Corporation

This document provides a guide for administrators on how to configure and operate a Windows certification authority. Various operational scenarios, custom configuration information, sample commands, and best practices are provided.

Windows Server 2003 provides a flexible and low TCO solution for deploying a public key infrastructure. Due to the complexity of customer environments and various organization requirements, a Windows Server 2003 certification authority (CA) may require configuration changes. This white paper provides operational best practices and configuration walkthroughs for some of the more common scenarios. It is not intended to cover the entire scope of all operational scenarios and configuration parameters possible with the Windows Server 2003 CA.

In This White Paper

• Basic Administrative Tasks
  
  
• Migrating from a Stand-alone to an Enterprise CA
  
  
• Windows Server 2003 PKI and Role-Based Administration
  
  
• Role Separation
  
  
• CA Auditing
  
  
• Setting Up CA Auditing
  
  
• Auditing and Event Management
  
  
• CA Maintenance
  
  
• Custom CA Configuration
  
  
• Enrollment Processing
  
  
• Tuning CA Database Performance
  
  
• Viewing Extended Information
  
  
• Managing Subject Relative Distinguished Names in the Certificate Subject
  
  
• Enabling the Netscape Revocation Method
  
  
• Configuring the SMTP Exit Module
  
  
• Using SSL to Communicate with Exchange Server
  
  
• Related Links for Windows Server 2003 PKI Operations
  
  
• Appendix A for Windows Server 2003 PKI Operations