Windows Server 2003 and Public Key Infrastructure Technology

Published: January 1, 2004

By Jonathan Perera, Senior Director, Security Business Unit

Slowly, quietly, Public Key Infrastructure (PKI) technology is finally achieving its potential as a foundational element of trust infrastructures, providing strong security amid complexity and interconnectivity. As is common with technology, PKI has had its share of highs and lows in its adoption, but with Microsoft’s integrated PKI infrastructure many customers, such as Covad, Qualcomm and Northrop Grumman, are at last realizing important benefits.

Microsoft has invested steadily in PKI, and the value of this work is growing, as evidenced by a recent decision by the Federal Bridge Certification Authority to approve Microsoft’s PKI as a trust platform for all US Federal agencies. The approval followed a rigorous evaluation of Windows platform PKI in terms of security, compatibility and interoperability. Microsoft is now just one of two vendors certified to this level.

PKI and Windows:

A key driver in the success of PKI implementations is the integration of PKI into the Windows platform. The PKI enhancements in Windows XP Professional and Windows Server 2003 provide a cost-effective and powerful framework for extending your network securely to employees, customers and partners. Deployment and management are simplified as the client and server elements work seamlessly together, and separate client-specific PKI licenses are no longer needed. Customers can now easily enable secure new business processes that increase revenue, reduce costs, meet compliance mandates and mitigate risk.

At Microsoft, we use the Windows PKI solution to help ensure a secure corporate intranet and extranet. PKI helps provide web site security, ensure secure access to our source code servers, and enhance e-mail security. It also supports managed trust solutions, such as our new Rights Management Services (RMS) offering, and complements PKI-enabled security services on products including the Encrypting File System (EFS), Internet Explorer, Microsoft Money, Internet Information Server, and Outlook/Outlook Express. A wide range of third-party products (such as Cisco routers and PIX devices) and Web services also take advantage of the Windows PKI infrastructure.

Windows Server 2003:

The Windows Server 2003 family includes a multitude of features that help you create a flexible and robust PKI:

  • Certificates: The standard certificate format used by Windows certificate-based processes is X.509v3. A certificate binds a public key to the person or entity to whom it is issued (the subject) and carries the fields a relying party needs to evaluate it: version, serial number, signature algorithm, the name of the issuing certification authority, and the validity period. Version 3 adds optional extensions, such as basic constraints, key usage, subject alternative name and CRL distribution points, that state how the certificate may be used and where its revocation status can be checked.

  • Certificate Services: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition all include a Certificate Services component which creates and manages certification authorities (CAs), either as a single root or organized as certification hierarchies. A CA can be installed as an enterprise CA, integrated with Active Directory for automated enrollment and template publication, or as a stand-alone CA that does not depend on a directory.

  • Certificate templates: Certificate templates define the contents, key parameters and enrollment permissions of the certificates a CA issues. Customizable (version 2) templates are available with an enterprise CA running on Windows Server 2003, Enterprise Edition or Windows Server 2003, Datacenter Edition; a Standard Edition CA issues only the fixed version 1 templates. The administrator can choose from one or more of the default templates installed with Certificate Services or create templates that are customized for specific tasks or roles.

  • Certificate auto enrollment and Web enrollment pages: With an enterprise CA and version 2 templates, Windows XP and Windows Server 2003 clients can automatically enroll for certificates, retrieve issued certificates, and renew expiring certificates without requiring subject interaction, simplifying the client experience and minimizing administrative tasks. The Web enrollment pages provide a browser-based way to request and retrieve certificates for users and computers that cannot use auto enrollment, such as non-domain or down-level clients.

  • Flexible authentication support: Windows supports logon via smart cards, X.509 certificates, token-based authentication technologies and other authentication methods. Smart cards can also be used to store certificates and private keys; the private key stays on the card and the card performs the signing operation itself, so the key cannot be copied off by a compromised workstation.

  • Public key policies: You can use Group Policy in Windows to distribute certificates to subjects automatically, establish common trusted root certification authorities across the domain, and manage the data recovery agent policy for EFS.

  • Management Tools: Administrators can manage certificates, certificate templates and Certificate Services through the Certificates, Certificate Templates and Certification Authority MMC snap-ins, and configure auto enrollment through Group Policy, reducing the overall administration burden.
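
The certificate structure and the CA hierarchy described in the list above, as an added example that is not part of the original article and is not Windows Certificate Services code: a standard-library Python script that builds two constructed X.509v3 certificates (a self-signed root CA and one end-entity certificate it issued) with a minimal DER encoder, then parses them back to show the fields a relying party reads: version, serial, signature algorithm, issuer, validity, subject, public key algorithm and the optional v3 extensions. The "Contoso" names, serials and dates are made up, the public key and signature bytes are placeholders, and the helpers (make_cert, parse_certificate, issued_by, is_ca, valid_on) are this example's own. The hierarchy check is the link a chain builder starts from: a leaf chains to a CA when its issuer name equals the CA's subject name and the CA's basicConstraints extension sets cA.

```python
# Added example, not code from the original article or from Windows Certificate Services: the X.509v3
# layout via a minimal DER encoder/decoder, standard library only. Names, serials and dates are
# constructed; the public key and signature bytes are placeholders, so no signature is verified.
from datetime import datetime, timezone

# OIDs as raw DER content: 2.5.4.3 CN, 2.5.4.10 O, 2.5.29.19 basicConstraints, rsaEncryption, sha256WithRSA
CN, O, BASIC_CONSTRAINTS = b"\x55\x04\x03", b"\x55\x04\x0a", b"\x55\x1d\x13"
RSA, SHA256_RSA = bytes.fromhex("2a864886f70d010101"), bytes.fromhex("2a864886f70d01010b")
ATTR, NULL = {CN: "CN", O: "O"}, b"\x05\x00"                          # NULL is the encoded ASN.1 NULL

# ---- minimal DER encoder ----
def tlv(tag: int, content: bytes) -> bytes:
    n = len(content)                            # definite length: short form below 128, long form above
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content
def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))
def integer(n: int) -> bytes:                   # two's complement: a leading 0x00 when the top bit is set
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))
def utc_time(iso_date: str) -> bytes:
    return tlv(0x17, datetime.fromisoformat(iso_date).strftime("%y%m%d%H%M%SZ").encode())
def name(o: str, cn: str) -> bytes:             # Name ::= SEQUENCE OF RDN; RDN ::= SET OF (type, UTF8String)
    rdn = lambda attr, val: tlv(0x31, seq(tlv(0x06, attr), tlv(0x0C, val.encode())))
    return seq(rdn(O, o), rdn(CN, cn))
def make_cert(subject: bytes, issuer: bytes, serial: int, not_before: str, not_after: str, ca: bool) -> bytes:
    sig_alg = seq(tlv(0x06, SHA256_RSA), NULL)
    spki = seq(seq(tlv(0x06, RSA), NULL), tlv(0x03, b"\x00" + seq(integer(3), integer(65537))))  # placeholder key
    basic = seq(tlv(0x01, b"\xff")) if ca else seq()                  # cA TRUE; DEFAULT FALSE is omitted in DER
    ext = seq(tlv(0x06, BASIC_CONSTRAINTS), tlv(0x01, b"\xff"), tlv(0x04, basic))  # marked critical
    tbs = seq(tlv(0xA0, integer(2)), integer(serial), sig_alg, issuer,  # [0] version: 2 means v3
              seq(utc_time(not_before), utc_time(not_after)), subject, spki,
              tlv(0xA3, seq(ext)))                                      # [3] extensions exist in v3 only
    return seq(tbs, sig_alg, tlv(0x03, b"\x00" + bytes(32)))           # placeholder signature

# ---- minimal DER decoder ----
def read_tlv(data: bytes, pos: int = 0):        # -> (tag, value, next_pos)
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def children(content: bytes):                   # content of a constructed element -> [(tag, value), ...]
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out

def decode_oid(body: bytes) -> str:             # first arc 0..2 only, which covers every OID used here
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def decode_name(content: bytes) -> str:
    atvs = [children(atv) for _, rdn in children(content) for _, atv in children(rdn)]
    return ", ".join(f"{ATTR.get(t, decode_oid(t))}={v.decode()}" for (_, t), (_, v) in atvs)

def parse_certificate(der: bytes) -> dict:
    """Issuer and subject are mandatory fields; the [3] extensions block is the optional v3 part."""
    (_, tbs), _sig_alg, _signature = children(read_tlv(der)[1])
    version, serial, alg, issuer, validity, subject, spki, exts = children(tbs)   # v3 field order
    utc = lambda b: datetime.strptime(b.decode(), "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    info = {"version": int.from_bytes(children(version[1])[0][1], "big") + 1,
            "serial": int.from_bytes(serial[1], "big"),
            "signature_algorithm": decode_oid(children(alg[1])[0][1]),
            "issuer": decode_name(issuer[1]), "raw_issuer": issuer[1],
            "subject": decode_name(subject[1]), "raw_subject": subject[1],
            "public_key_algorithm": decode_oid(children(children(spki[1])[0][1])[0][1]), "extensions": []}
    info["not_before"], info["not_after"] = (utc(v) for _, v in children(validity[1]))
    for _, ext in children(children(exts[1])[0][1]):  # Extension ::= OID, optional critical BOOLEAN, OCTET STRING
        parts = children(ext)
        critical = len(parts) == 3 and parts[1][1] == b"\xff"
        info["extensions"].append((decode_oid(parts[0][1]), critical, parts[-1][1]))
    return info

def is_ca(cert: dict) -> bool:                  # basicConstraints cA flag; absent or empty means end entity
    for ext_oid, _critical, value in cert["extensions"]:
        if ext_oid == "2.5.29.19":
            return any(t == 0x01 and v == b"\xff" for t, v in children(read_tlv(value)[1]))
    return False
def issued_by(leaf: dict, ca: dict) -> bool:    # hierarchy link: issuer == CA subject (DER bytes) and CA is cA
    return leaf["raw_issuer"] == ca["raw_subject"] and is_ca(ca)

def valid_on(cert: dict, iso_date: str) -> bool:
    when = datetime.fromisoformat(iso_date).replace(tzinfo=timezone.utc)
    return cert["not_before"] <= when <= cert["not_after"]

# constructed two-tier sample: a self-signed root and one end-entity certificate it issued
ROOT_NAME, LEAF_NAME = name("Contoso", "Contoso Root CA"), name("Contoso", "web01.contoso.com")
ROOT = parse_certificate(make_cert(ROOT_NAME, ROOT_NAME, 1, "2004-01-01", "2014-01-01", True))
LEAF = parse_certificate(make_cert(LEAF_NAME, ROOT_NAME, 1001, "2004-01-01", "2005-01-01", False))
```

Import the module and inspect ROOT and LEAF, or call issued_by, is_ca and valid_on on them. The byte-for-byte name comparison in issued_by is the conservative form of the RFC 5280 name-matching rule; a real path validation also verifies each signature with the issuer's public key, checks key usage and name constraints, and consults the CRL or OCSP responder for revocation, none of which this skeleton attempts.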


As the push for interconnectivity between partners, suppliers, customers and employees has grown, so has the need to ensure the integrity of information exchange. Regulatory requirements alone make compliance with security and privacy rules a necessity. PKI is a critical element of the trust infrastructure that is increasingly required to conduct business electronically today. Microsoft is dedicated to continuing our innovation on PKI, and you can look for more exciting developments in the months ahead.

To learn more about Microsoft’s PKI offerings, see