PKI Architecture in Windows Server 2003
The certificate services provided by Windows Server 2003 are the fourth implementation of certificate services in Windows. Certificate services in Windows are implemented in
NT 4.0 via the option pack.
Microsoft Exchange prior to Exchange 2000 via implementation of the Key Management Service (KMS). (Microsoft Exchange 2000 uses KMS and Windows 2000 certificate services.)
Windows Server 2003.
Each implementation has offered increasing flexibility and security. New in Windows Server 2003 is
An RA via implementation of the certificate enrollment pages on a separate web server
The ability to customize templates
The ability to archive private keys
Development of trust between two or more CA hierarchies ...