O'Reilly logo

Windows Server 2003 Security: A Technical Reference by Roberta Bragg

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Install an Offline Root CA

An offline root CA should be used to anchor the hierarchy. The offline root CA is easier to protect because it can be locked in a vault or another secure area. It needs no connection to the network. The offline root CA can be restricted to issuing subordinate CA certificates, a process that can easily be manually done. Little maintenance is required, and you can limit the number of people who have contact with it.

The offline root CA, however, must be carefully prepared and installed, or additional CAs and the PKI may not function correctly. To correctly install a root CA, prepare the server and then perform the CA installation offline.

Server Preparation

The server should be prepared before installing certificate services. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required