Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003

Applies To: Windows Server 2003 with SP1

By Brian Komar and David Cross

Microsoft Corporation

Microsoft Windows XP Professional and Windows Server 2003 provide an integrated public key infrastructure (PKI) that enables you to securely exchange information across the Internet, extranets, intranets, and applications. This white paper provides a technical reference and planning guide for PKI administrators who wish to perform PKI cross-certification, deploy bridge Certification Authorities (CAs), and understand how to implement qualified subordination in Windows Server 2003.

In This White Paper

Acknowledgements (Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003)

Introduction (Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003)

Overview (Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003)

Understanding Constraints

Qualified Subordination Deployment Scenarios

Walkthrough (Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003)

Appendix A – Policy.Inf

Appendix B – CAPolicy.inf

Appendix C – CMC Dump of a Qualified Subordination Request