What's the difference between enterprise Certification Authorities (CAs) and standalone CAs? What makes enterprise CAs better?
Enterprise CAs let you leverage services already provided by Active Directory (AD—e.g., Kerberos authentication and Group Policy) to automate many of the tasks associated with managing a public key infrastructure (PKI). Computers in a domain automatically trust certificates that enterprise CAs issue. With standalone CAs, you must use Group Policy to add the CA's self-signed certificate to the Trusted Root CAs store on each computer in the domain. Enterprise CAs also let you automate the process of requesting and installing certificates for computers, and if you have an enterprise CA running on a Windows Server 2003 Enterprise Edition server, you can even automate certificate enrollment for users with the auto-enrollment feature.