MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293 Study Guide

Public Key Infrastructure (PKI) is the method of choice for handling authentication issues in large enterprise-level organizations today. Windows Server 2003 includes the tools you need to create a PKI for your company and issue digital certificates to users, computers, and applications. This chapter addresses the complex issues involved in planning a certificate-based PKI. We ll provide an overview of the basic terminology and concepts relating to the public key infrastructure, and you ll learn about public key cryptography and how it is used to authenticate the identity of users, computers, and applications and services. We ll discuss the role of digital certificates and the different types of certificates; user, machine, and application certificates.
You ll learn about certification authorities (CAs), the servers that issue certificates, including both public CAs and private CAs such as the ones you can implement on your own network using Windows Server 2003 s certificate services. Next, we ll discuss the CA hierarchy and how root CAs and subordinate CAs act together to provide for your organization s certificate needs. You ll find out how the Microsoft certificate services work, and we ll walk you through the steps involved in implementing one or more certification authorities based on the needs of the organization. You ll learn to determine the appropriate CA type enterprise or stand-alone CA for a given situation and how to plan the CA hierarchy and provide for security of your CAs. We ll show you how to plan for enrollment and distribution of certificates, including the use of certificate requests,...