Microsoft Windows 2000 or Windows Server 2003 forests must have their schemas upgraded to the Windows Server 2008 schema to support the new features in a Windows Server 2008 PKI. These features include:
Support for version 3 certificate templates. The Windows Server 2008 schema includes the definition of the version 3 certificate template object. Version 3 certificate templates allow implementation of Cryptography Next Generation (CNG) algorithms in issued certificates.
Addition of an online responder. Windows Server 2008 introduces an Online Certificate Status Protocol (OCSP) responder service. This service allows up-to-date validation of subscriber certificates rather than using certificate revocation lists (CRLs).