Windows 2000’s Public Key Infrastructure (PKI) manages public-key encryption. This type of encryption uses two keys: a public key and a private key. Messages encrypted with the private key can be decrypted with the public key, and vice versa.
Windows 2000 Certificate Services manages the issuing of certificates. These are documents that verify identity and can include a public/private key pair. Certificates are issued by a certificate authority (CA). There are several types of CA:
Standalone CAs are used when the organization will be issuing certificates to third parties. The root CA is the most trusted CA and can authorize subordinate CAs. Standalone CAs do not require Active Directory.
Standalone subordinate CAs are authorized by and subordinate to the standalone root CA.
Enterprise CAs are used when the organization will be issuing certificates internally, for example to employees or students. The enterprise root CA is the highest authority and can authorize subordinate CAs. Windows 2000 allows one enterprise root CA per certificate hierarchy and any number of root CAs per network. Enterprise CAs require Active Directory.
Enterprise subordinate CAs are authorized by and subordinate to the enterprise root CA.
You can configure a certificate authority on any Windows 2000 Server computer. Follow these steps to install a CA:
In the Control Panel, select Add/Remove Programs ...