Most organizations deploy an offline root certification authority (CA) and one or more subordinate CAs as a public key infrastructure (PKI). After these CAs have been installed on servers, additional steps must be completed before the PKI can be used to issue, support, and manage certificates. These steps include setting up certificate revocation options, configuring certificates or certificate templates, and configuring enrollment and issuance options.
Task | Reference |
---|---|
Plan the PKI. |
|
Set up a stand-alone or enterprise root CA. |
|
Set up additional subordinate CAs. (Optional) |
|
Complete additional CA configuration tasks. |
|
Install and configure certificate templates. |
Managing Certificate Templates (http://go.microsoft.com/fwlink/?LinkId=142230) |
Configure certificate enrollment. |