Public Key Infrastructure for Windows Server 2003

Microsoft Public Key Infrastructure (PKI) for Windows Server 2003

Microsoft Public Key Infrastructure (PKI) for Windows Server 2003 provides an integrated public key infrastructure that enables you to secure and exchange information with strong security and easy administration across the Internet, extranets, intranets, and applications. To understand the full value and functionality offered in PKI for Windows Server 2003, read PKI Enhancements in Windows XP Professional and Windows Server 2003.

 

For information about other Windows Server technologies and services, see the complete list of Windows Server 2003 Technology Centers.





News and Headlines

New Reference Book Offers Guidance from Principal Consultant to Microsoft PKI Team

This in-depth reference teaches you how to design and implement even the most demanding certificate-based security solutions for wireless networking, smart card authentication, VPNs, secure e-mail, Web SSL, EFS, and code-signing applications using Windows Server PKI and certificate services.

Update VeriSign Web Server Certificates for IIS Now

VeriSign's old 128-bit Global Server Intermediate Root certification authority certificate for Microsoft Internet Information Services (IIS) and other Web servers expired on January 7, 2004. You should update your servers' certificates to prevent error messages.


Introductory Overviews

Public Key Infrastructure Overview

Learn how Microsoft PKI for Windows Server 2003 can enable you to securely exchange information across the Internet, extranets, intranets, and applications.


Technical Overviews

Windows Server 2003 Advanced Certificate Enrollment and Management

This TechNet white paper covers several remote deployment scenarios and includes step-by-step procedures to perform X.509 certificate enrollment to implement a secure infrastructure.

PKI Enhancements in Windows XP Professional and Windows Server 2003

This white paper introduces Microsoft Windows® XP Professional certificate services and describes enhancements to existing Windows 2000 PKI features. Learn how Microsoft Windows XP Professional and Windows Server 2003 provide an integrated public key infrastructure that enables you to securely exchange information across the Internet, extranets, intranets, and applications.

Designing a Public Key Infrastructure

Microsoft Windows Server 2003 enables a variety of secure applications and business scenarios based on the use of digital certificates. Before you can use digital certificates, however, you need to design a public key infrastructure, which involves planning configuration options for one or more certification authorities, preparing certificates to meet the needs of your organization, and creating a PKI management plan.

Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure

This TechNet article describes configuration and deployment best practices for a Windows Server 2003-based PKI.

Windows Server 2003 PKI Operations Guide

This TechNet article describes how to configure and operate a Windows certification authority and includes operational scenarios, custom configuration information, and sample commands.


Case Studies

Covad Communications

Covad managed and authenticated PKI certificates from wireless users and was able to achieve load balancing for virtual private network sessions with remote users by using Microsoft Public Key Infrastructure for Windows Server 2003.

Guardia di Finanza

Italy's Guardia di Finanza implements S/MIME (secure e-mail), EFS (encryption), and IPSec using Microsoft Public Key Infrastructure for Windows Server 2003 and achieves security, reliability, and flexibility.

Northrop Grumman

Northrop Grumman achieved lower total cost of ownership and greater agility by migrating to Microsoft Public Key Infrastructure for Windows Server 2003.

QUALCOMM

To achieve greater security and reliability in its CDMA data services, QUALCOMM is deploying an end-to-end remote access solution based on Microsoft Windows Server 2003 technologies such as Active Directory® directory service, Internet Authentication Service (IAS), and public key infrastructure.


Knowledge Base Articles

Guidelines for Enabling Smart Card Logon with Third-Party Certification Authorities

Learn how to enable smart card logon with Microsoft Windows and a non-Microsoft certification authority.

Requirements for Domain Controller Certificates from a Third-Party Certification Authority

Find out what is required to issue a domain controller certificate from a third-party certification authority.

How to Import Third-Party Certification Authority Certificates into the Enterprise NTAuth Store

Find out how to import certificates issued by third-party certification authorities into the Windows NTAuth store.

How to Enable LDAP Over SSL with a Third-Party Certification Authority

Find out how to enable LDAP over SSL (LDAPS) on a Windows domain controller from either a Microsoft Certification Authority (CA) or a non-Microsoft CA.

Third-Party Certification Authority Support for Encrypting File System

Learn how Windows supports third-party certification authorities that issue Encrypting File System (EFS) certificates and EFS Recovery Agent certificates.


Step-by-Step Guides

Certificate Autoenrollment in Windows Server 2003

Learn about the capability, introduced in Microsoft Windows Server 2003 Enterprise Edition, that allows you to automatically enroll users and computers for certificates, including smart card-based certificates.

Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure

Use this quick-start guide to set up a Windows Server 2003 public key infrastructure. It provides the information you need to deploy a viable PKI that is based on Windows Server 2003 technology.

Managing a Windows Server 2003 Public Key Infrastructure

Operation and maintenance of a public key infrastructure requires as much planning as its initial implementation. This paper provides guidance on how to plan for and implement the operation and management of a Microsoft Windows Server 2003 PKI.

Key Archival and Management in Windows Server 2003

This white paper covers best practices for private key archival and management, procedural steps in a key recovery strategy, and migration procedures for moving from an Exchange KMS environment to a Windows Server 2003 Certificate Authority.

Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003

This white paper provides a technical reference and planning guide for PKI administrators who wish to perform PKI cross-certification, deploy bridge Certification Authorities, and understand how to implement qualified subordination in Windows Server 2003.

Step-by-Step Guide to Mapping Certificates to User Accounts

Learn how to map public-key certificates to a Windows user account so that it can be used with Internet Information Services (IIS).


Additional Resources

Advanced Certificate Enrollment and Management

Complex infrastructure and branch-office deployment environments often dictate unique and advanced management techniques for managing a PKI or certificate deployment to remote servers. This white paper explains several remote deployment scenarios along with the step-by-step procedures to perform X.509 certificate enrollment to implement a security-enhanced infrastructure.

Windows Server 2003 PKI Operations Guide

This document provides a guide for administrators on how to configure and operate a Windows certificate authority. Various operational scenarios, custom configuration information, sample commands, and best practices are provided.

Configuring and Troubleshooting Windows 2000 and Windows Server 2003 Certificate Services Web Enrollment

Windows Server 2003 Web enrollment enables certificate enrollment in environments where clients have no direct access to the certification authority. This white paper details the setup, security configuration, and troubleshooting of the Web enrollment component in a distributed network environment.

Implementing and Administering Certificate Templates in Windows Server 2003

This white paper covers best practices in designing, administering, and implementing version 2 Certificate Templates using Windows Server 2003 Enterprise Edition and Enterprise Certification Authorities.

The Windows Server 2003 Family Encrypting File System

Learn how to use the Encrypting File System, a transparent file encryption service provided by the Windows Server 2003 family.

Windows Data Protection

Data protection application programming interface (DPAPI) is used to protect private keys, stored credentials, and other secrets on Windows for both user accounts and machines. This article discusses how to use DPAPI and how DPAPI operates in Microsoft Windows XP and Windows Server 2003.

Certificate Enrollment in Windows CE .NET

Learn about the certificate enrollment process and various options for acquiring a digital certificate for public key-based services and applications in Windows CE .NET.

Adding Revocation Providers to CryptoAPI for Identrus Applications

OCSP, SCVP, and CRLs are some of the prevalent mechanisms to determine the status of certificates. Both OCSP and SCVP are real-time protocols, whereas CRLs are not. This document describes the architecture that can be used to implement a Certificate Validation Trust Provider for the Windows platform that enables it to support one or more of these protocols.


Learn More

Microsoft and VeriSign Teaming Up to Provide Next-Generation Security Solutions for Enterprise Customers

Read this press release to learn how initiatives with Microsoft Windows Server 2003 and VeriSign services will help ease certificate deployment and management for a range of PKI services.


Related Technology Centers

Windows Rights Management Services Technology Center

Visit the Windows Rights Management Services (RMS) technology center, where you'll find introductory and technical overviews, pricing and licensing information, and links to download the RMS components. RMS utilizes Extensible Rights Markup Language (XrML)—an emerging PKI implementation—to provide granular rights expression.

Cryptography and Secure Communications Portal

This Microsoft TechNet portal page provides links to overviews of cryptography, encrypting file system (EFS), PKI, and secure wireless communication, as well as links to product-specific security information.
