Reviewing the CA Roles in AD CS
AD CS for Windows Server 2012 can be installed as one of the following CA types:
• Enterprise root CA—The enterprise root CA is the most trusted CA in an organization and should be installed before any other CA. All other CAs are subordinate to an enterprise root CA. This CA should be highly physically secured because a compromise of the enterprise CA effectively makes the entire chain compromised.
• Enterprise subordinate CA—An enterprise subordinate CA must get a CA certificate from a root CA, but can then issue certificates to all users and computers in the enterprise. These types of CAs are often used to provide a scalable, highly available set of certificate authorities while protecting the root CA.
• Standalone ...
Get Windows Server® 2012 Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
