Chapter 9. Certificates and Public Key Infrastructure

Authentication is a concept found in virtually all modern computing infrastructures. I discussed Windows Server 2003’s authentication model and mechanisms earlier, in Chapter 7. But that type of authentication does not meet the needs of every technology. For example, numerous devices, such as routers, do not understand Kerberos or NTLM authentication, yet these routers may still need to trust other entities on the network, such as users or other routers.

I’ve said that public key certificates from a trusted certification authority provide a mechanism for this trust. Now I’ll discuss the specifics of certificates—how they work, what they do, and what benefits they provide. Then I’ll show you the certification authority—what it does and why you may need one. I’ll also describe how to decide whether to use a public or private certification hierarchy in your enterprise. Each course of action is then explored in detail, with procedural, process, and conceptual information about each strategy.

If you’ve already decided to implement a public key infrastructure (PKI) and want to get right down to examples, you should skip ahead to the “Implementing a Private Certification Hierarchy” section. That’s where I show you exactly what to do to get this all set up and ready to rock.

What Are Certificates?

Imagine that you need to communicate with a secure web site on the internal corporate LAN. This is not an uncommon occurrence, ...
