Learn how to implement Microsoft Certificate Services
Windows 2000 comes with a host of new security features, such as the Encrypting File System (EFS), smart card support, and IP Security (IPSec) through encryption. To fully use these new features, you need to deploy a public key infrastructure (PKI). A PKI has been described as everything from a silver bullet to a political quagmire that's a nightmare to implement. As is usually the case with complex technologies, the truth is somewhere in between: A well-designed and rolled-out PKI can help you secure many parts of your Win2K environment, but it will also make you rethink how you manage your users and computers. For a smooth PKI deployment, you need to be familiar with the role of a PKI, some of the design concerns and decisions you face when you deploy a PKI, how to install and configure the appropriate services, and routine ongoing tasks.
The Role of the PKI
The term public key infrastructure is somewhat misleading because most PKIs don't just manage keys. (I won't discuss those PKIs that deal exclusively with keys.) The PKI's role is to issue and manage certificates, which are used to uniquely identify real-world objects such as users or computers. A typical PKI has four components: the Certification Authority (CA), which issues and revokes certificates; the Registration Authority (RA), which lets entities such as users or computers request certificates; the certificate store, which holds copies of issued certificates; and the certificate revocation list (CRL), which holds details about certificates that are no longer valid. . . .