A certification authority (CA) hierarchy is only as secure as the security measures that an organization takes to protect the CAs in the hierarchy. These measures can be categorized as:
These measures can range from limiting which security groups can log on locally at the CA console to locating the CA computer in a secured location. Your security plan must include measures to protect each CA’s private key from compromise.
CA configuration measures refer to the security measures involving the configuration of Certificate Services or the configuration of the Windows Server 2008 operating system.
Measures you can take to configure ...