Implementing a Private Certification Hierarchy

The implementation of a private PKI is far more complex than that of a public PKI. The hierarchy must be planned in detail before any deployment can be considered. You may even want to consult legal experts to help create a certificate practice statement. Each CA deployed must be configured for proper security before exposing it to any users or attackers. The steps for implementing the PKI are presented sequentially and should be followed in the order given to ensure proper deployment.

This isn’t to say that deploying a PKI is hard. The individual tasks associated with the deployment are actually very straightforward and take little time to complete. The planning itself isn’t difficult either. But ensuring you’ve completely thought through all aspects of the PKI and created a solid plan will help avoid missing steps or key elements of the deployment. And recovering from these missed elements or steps is something that’s not always possible in the PKI environment.

Create a PKI Deployment Plan

Before you begin to implement your certification hierarchy, you must have your planning completed. You already know how the PKI will work—what templates will be used, who will get certificates, how many tiers will be in the tree, and so forth. That plan tells you what to deploy but not how to deploy it. To get to the next stage, you must determine the exact method and order you will use to properly deploy the technology. This information makes ...
