Once you have completed the installation or upgrade of your Windows Server 2008 public key infrastructure (PKI), the process does not stop at this point. One of the first things you have to do is ensure that you have correctly configured all certification authorities (CAs) in the CA hierarchy. Any incorrect configuration settings must be identified and fixed before you start issuing certificates. Even after you have deployed your PKI, you must continue to monitor the PKI to identify proactively any issues that arise.

This chapter provides recommendations on what tools can verify your installation and what tools to use to monitor your PKI on an ongoing basis.