Skip to main content

Certificate Authorities (CAs)

A Certificate Authority (CA) issues certificates. In addition to trusted third-party commercial companies such as VeriSign, a Windows Server 2003 system can be configured to issue certificates and to verify that an existing certificate is legitimate and belongs to the claimed entity.

Before issuing a certificate, a CA must validate the applicant's identity.

You should consider the following points before installing a CA in Windows Server 2003:

  • Think twice about installing a CA on a Domain Controller, as this could result in overloading.
  • Make sure you're happy with the computer name: it can't be renamed after loading Certificate Services nor can the computer join or leave a domain.
  • Use a unique CA name for each CA in your enterprise.

There are two main types of Windows Server 2003 CAs, each of which can be a Root or Subordinate Certificate Server: Enterprise CA and Standalone CA.

Next: Enterprise CA