Public Key Infrastructure
Applies To: Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This page lists resources for public key infrastructure (PKI) in Windows Server 2003. A PKI is a system of digital certificates, certification authorities (CAs), and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction.
Getting Started
Checklist: Configuring certificate autoenrollment
This checklist provides an overview of the steps needed to configure certificate autoenrollment.
Checklist: Creating a certification hierarchy with an offline root certification authority
This checklist provides an overview of the steps needed to create a certification hierarchy with an offline root CA.
-
This checklist provides an overview of the steps needed to use credential roaming.
Checklist: Decommissioning a certification authority
This checklist provides an overview of the steps needed to decommission a CA.
Planning and Architecture
Certificate Services Best practices
This topic provides a list of best practices for Certificate Services.
Certificate Templates Best practices
This topic provides a list of best practices for certificate templates.
Implementing and Administering Certificate Templates in Windows Server 2003
This white paper discusses the best practices in designing, administering, and implementing version 2 certificate templates by using Windows Server 2003 Enterprise Edition and enterprise CAs.
Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003
This white paper provides a technical reference and planning guide for PKI administrators who want to perform PKI cross-certification, deploy bridge CAs, and understand how to implement qualified subordination in Windows Server 2003.
Deployment
Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure
This document is a quick start guide that you can use to set up a Windows Server 2003 PKI.
Certificate Autoenrollment in Windows Server 2003
This white paper includes information about autoenrollment, including configuration, certificate renewal, autoenrollment functions, advanced features, supported hardware, and troubleshooting.
Designing a Public Key Infrastructure
This deployment guide provides information about defining certificate requirements, designing and extending your PKI, defining certificate configuration options, creating a certificate management plan, and deploying the PKI.
Operations
Advanced Certificate Enrollment and Management
This white paper explains several remote deployment scenarios along with the step-by-step procedures to perform X.509 certificate enrollment to implement a secure infrastructure.
Key Archival and Management in Windows Server 2003
This white paper covers best practices and procedures in a key recovery strategy as well as migration procedures for moving from a Microsoft Exchange Key Management Server (KMS) environment to a Windows Server 2003–based CA.
Windows Server 2003 PKI Operations Guide
This guide provides information about configuring and operating a Windows-based CA, including various operational scenarios, custom configuration information, sample commands, and best practices.
Technical Reference
-
The following technical references are available for PKI technologies:
Troubleshooting
Additional Resources
For changes in PKI from Windows Server 2003 to Windows Server 2008, see Active Directory Certificate Services Role in Changes in Functionality in Windows Server 2008.
For more information about Active Directory Certificate Services in Windows Server 2008, see Active Directory Certificate Services.