Digital certificates are used more and more in modern infrastructure as additional layers of security to prove that objects and services are genuine. In this chapter, you learned what a PKI is and how exactly it works. Then, we looked into AD CS components and their roles. After that, we moved into the planning of a PKI and discussed what needs to be considered when building a PKI. Then, we further looked into PKI deployment models and evaluated their advantages and disadvantages. Last but not least, we went through a step-by-step guide to setting up a two-tier PKI.

In the next chapter, you are going to learn about another AD role service—AD Federation Service—and see how identities are handled in a federated environment.