Before deploying Windows Server 2008 Active Directory Certificate Services, an organization must spend time designing the certification authority (CA) hierarchy. Developing the correct structure involves investigating and processing related requirements for applications, security, business, technical, and external forces. Hierarchy elements covered in this chapter include:
The number of tiers to use in a CA hierarchy
How the CAs will be arranged into a CA hierarchy
The types of certificates each CA will issue
The types of CAs to be deployed at each tier
Specifying where the CA computer accounts will exist in Active Directory Domain Services (AD DS)
Security measures to protect the CAs
Whether different ...