Microsoft® Windows® 2000 Security Handbook

Certificate Services

Windows 2000 PKI has a CA hierarchy that starts at an enterprise root CA with a clearly defined parent-child relationship with an intermediate CA. Any of these CAs can issue certificates. In addition, a CA hierarchy can consist of a single CA and might be multiple independent hierarchies.

The certificate issued by the CA contains all the authorities between itself and the root CA.

CA hierarchies, in general, tend to be static, but this doesn't mean that you can't modify your hierarchy. Actually it is fairly easy to add or delete issuing CAs under a given root CA. You can join existing CA hierarchies by issuing a certificate from one of the root CAs, certifying the other root as an intermediate CA. You must be careful when ...

Get Microsoft® Windows® 2000 Security Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft® Windows® 2000 Security Handbook by Jeff Schmidt

Certificate Services

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly