O'Reilly logo

Windows Server® 2008 PKI and Certificate Security by Brian Komar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Choosing Certificate Templates

If your organization chooses to deploy its own certificates for secure e-mail, the first decision that the organization must make is whether to use the same certificate for both signing and encryption operations or to issue two separate certificates: one for digital signing and one for encryption.

The advantage of a single certificate is that the user has to manage only a single certificate for all e-mail operations. The disadvantage is that if your organization implements key archival of the e-mail certificate, it is possible that another person could gain access to the signing private key associated with the e-mail certificate.

Note

For details on enabling key archival at a certification authority (CA) and the security ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required