August 2000
Intermediate to advanced
800 pages
21h 5m
English
Content preview from Microsoft® Windows® 2000 Security HandbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Certificate Services
Windows 2000 PKI has a CA hierarchy that starts at an enterprise root CA with a clearly defined parent-child relationship with an intermediate CA. Any of these CAs can issue certificates. In addition, a CA hierarchy can consist of a single CA and might be multiple independent hierarchies.
The certificate issued by the CA contains all the authorities between itself and the root CA.
CA hierarchies, in general, tend to be static, but this doesn't mean that you can't modify your hierarchy. Actually it is fairly easy to add or delete issuing CAs under a given root CA. You can join existing CA hierarchies by issuing a certificate from one of the root CAs, certifying the other root as an intermediate CA. You must be careful when ...