Most organizations deploy an offline root certification authority (CA) and one or more subordinate CAs as a public key infrastructure (PKI). After these CAs have been installed on servers, additional steps must be completed before the PKI can be used to issue, support, and manage certificates. These steps include setting up certificate revocation options, configuring certificates or certificate templates, and configuring enrollment and issuance options.

Task Reference

Plan the PKI.

Public Key Infrastructures

Set up a stand-alone or enterprise root CA.

Install a Root Certification Authority

Set up additional subordinate CAs. (Optional)

Install a Subordinate Certification Authority

Complete additional CA configuration tasks.

Managing a Certification Authority

Install and configure certificate templates.

Managing Certificate Templates (

Configure certificate enrollment.

Managing Certificate Enrollment