
Plan a Public Key Infrastructure that uses Certificate Services.

On completion of this topic you should be able to identify the appropriate type of certificate authority to support certificate issuance requirements, plan the enrolment and distribution of certificates and plan for the use of smart cards for authentication.

The Windows Server 2003 Public Key Infrastructure enables the deployment of strong security solutions that use digital certificates and public key technology. Security solutions can include the following:

  • Secure mail: uses certificates and the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol to ensure the integrity, origin, and confidentiality of e-mail messages
  • Secure Web sites: use certificates and certificate mapping to map certificates to network user accounts for controlling user rights and permissions for Web resources
  • Secure Web communications: use certificates and the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to authenticate servers, authenticate clients and provide confidential communications between servers and clients
  • Software code signing: uses certificates and digital signing technology (such as Microsoft Authenticode) to ensure the integrity and authorship of software that is developed for distribution on an intranet or on the Internet
  • Smart card logon: uses certificates and private keys stored on smart cards to authenticate local and remote access network users
  • IPSec client authentication: can optionally use certificates to authenticate clients for IPSec communications
  • Encrypting File System (EFS): uses certificates for both EFS user and EFS recovery agent operations
  • Custom security solutions: use certificates to provide confidentiality, integrity, authentication and nonrepudiation
