Public Key Infrastructure
Updated: March 16, 2008
Applies To: Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This page lists resources for public key infrastructure (PKI) in Windows Server 2003. A PKI is a system of digital certificates, certification authorities (CAs), and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction.
Getting Started
- Checklist: Configuring certificate autoenrollment
  This checklist provides an overview of the steps needed to configure certificate autoenrollment.
- Checklist: Creating a certification hierarchy with an offline root certification authority
  This checklist provides an overview of the steps needed to create a certification hierarchy with an offline root CA.
- Checklist: Credential roaming
  This checklist provides an overview of the steps needed to use credential roaming.
- Checklist: Decommissioning a certification authority
  This checklist provides an overview of the steps needed to decommission a CA.
Planning and Architecture
- Certificate Services Best practices
  This topic provides a list of best practices for Certificate Services.
- Certificate Templates Best practices
  This topic provides a list of best practices for certificate templates.
- Implementing and Administering Certificate Templates in Windows Server 2003
  This white paper discusses the best practices in designing, administering, and implementing version 2 certificate templates by using Windows Server 2003 Enterprise Edition and enterprise CAs.
- Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003
  This white paper provides a technical reference and planning guide for PKI administrators who want to perform PKI cross-certification, deploy bridge CAs, and understand how to implement qualified subordination in Windows Server 2003.
Deployment
- Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure
  This document is a quick start guide that you can use to set up a Windows Server 2003 PKI.
- Certificate Autoenrollment in Windows Server 2003
  This white paper includes information about autoenrollment, including configuration, certificate renewal, autoenrollment functions, advanced features, supported hardware, and troubleshooting.
- Designing a Public Key Infrastructure
  This deployment guide provides information about defining certificate requirements, designing and extending your PKI, defining certificate configuration options, creating a certificate management plan, and deploying the PKI.
Operations
- Advanced Certificate Enrollment and Management
  This white paper explains several remote deployment scenarios along with the step-by-step procedures to perform X.509 certificate enrollment to implement a secure infrastructure.
- Key Archival and Management in Windows Server 2003
  This white paper covers best practices and procedures in a key recovery strategy as well as migration procedures for moving from a Microsoft Exchange Key Management Server (KMS) environment to a Windows Server 2003–based CA.
- Windows Server 2003 PKI Operations Guide
  This guide provides information about configuring and operating a Windows-based CA, including various operational scenarios, custom configuration information, sample commands, and best practices.
Technical Reference
- PKI Technologies
  The following technical references are available for PKI technologies:
Troubleshooting
Additional Resources
- For changes in PKI from Windows Server 2003 to Windows Server 2008, see Active Directory Certificate Services Role in Changes in Functionality in Windows Server 2008.
- For more information about Active Directory Certificate Services in Windows Server 2008, see Active Directory Certificate Services.
