The first hurdle to overcome when wanting to start certificate work is putting the server into place. There are many valid questions to be answered. Do I need a dedicated server for this task? Can I co-locate this role on an existing server? Do I need to install an Enterprise or Stand-alone CA? I've heard the term "offline root", what does that mean? Let's start with the basics and assume that you need to build the first Certification Authority server in your environment.

In an Active Directory domain network, the most useful CA servers are of the Enterprise variety. Enterprise CA servers integrate with Active Directory, making them visible to machines in the network and automatically ...