7.3. Designing a Certificate Authority Hierarchy

The underlying fabric of any public key infrastructure is the design of the underlying certificate authorities. This includes the number of certificate authorities (CAs), as well as what type of certificates they will use and how the certificate authorities will be used, implemented, and so forth.

7.3.1. Choosing a Tier Model

The first step in creating a CA hierarchy is to choose an effective tier-design model. Therefore, the best way to start a certificate services design is to decide how many servers are going to be operating as certificate authorities and how the process of accessing certificates from these CAs will proceed.

According to Microsoft best practices, certificate authorities can ...

Get MCITP: Windows Server® 2008 Enterprise Administrator, Study Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial