Maintaining Your Hierarchy

Now that the PKI is operational, maintenance functions must be put in place. Good security starts with a solid and well-analyzed plan and continues with a secure deployment that meets that plan. However, no deployment is secure forever. As the PKI continues to function, the environment will change. These changes may not alter the security the PKI provides, but you must still perform tasks to ensure that appropriate security is maintained. These are the ongoing tasks that ensure that each CA is functioning properly and providing the services it is designed to provide.

Certificate Issuance

The CA’s primary job is to issue certificates. In many cases, the CA will issue certificates automatically without any administrative intervention, which is accomplished by configuring the CA and certificate templates with proper security permissions. On many CAs and with many high-value certificate types, however, manual administrative verification may be important. In those cases, the certificate request will be set to Pending when it is received by the CA. Those certificates are issued only when one or more parties manually issue them. For details on configuring certificate templates to require multiple signatures, see the Certificate Templates topic in Windows Server 2003 Enterprise Edition Online Help.

Let’s assume you have configured your CA to place all requests in a Pending state. To issue a certificate that’s been placed in a Pending state, perform the following simple procedure:

  1. In ...
