Each of these CA types can be used to create a certificate
hierarchy comprising root CAs and subordinate CAs. The creation of subordinates
within an organization is typically used to delegate certificate management to smaller
groups, where they can be more closely managed. For example, if you are managing a
global organization, you might use subordinate CAs to manage and control certificates
issued for each country in which your company has a presence.
Enterprise CAs
As you would expect, an Enterprise CA installation type requires Active Directory
Domain Services (AD DS) to be in place. An Enterprise CA is designed to manually or automatically
issue certificates to users, computers, and even child CAs. You must be an
Enterprise Administrator to install an Enterprise CA in your environment. An Enterprise CA requires
or uses the following technologies:
- Active Directory
- Group Policy to propagate certificates to client root certification authority stores
- Authentication to the domain using smart cards loaded with appropriate user
  certificates
- Enterprise Exit Module used to manage how certificates are handled after they
  are issued
Since an Enterprise CA is heavily integrated with AD, it has the added advantage of
being able to authenticate the user automatically with AD before issuing the appropriate
certificate based on whatever template the user is requesting. In addition, metadata
typically associated with certificates, such as name and contact information, can be prepopulated
using data obtained from AD.
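The following added example (not from the book) shows how to check, per certificate template, whether the subject metadata is built from AD as described above or supplied by the requester. It assumes the bit values of the msPKI-Certificate-Name-Flag template attribute as documented in MS-CRTD; the function name and the sample template objects are constructed for illustration.

```powershell
# Added example. Bit values of msPKI-Certificate-Name-Flag (per MS-CRTD);
# only a subset of the defined flags is listed here.
$NameFlags = [ordered]@{
    EnrolleeSuppliesSubject    = 0x00000001  # requester supplies the subject in the CSR
    EnrolleeSuppliesSubjectAlt = 0x00010000  # requester supplies the SAN in the CSR
    SanRequireUpn              = 0x02000000  # CA adds the UPN from AD to the SAN
    SanRequireEmail            = 0x04000000  # CA adds the mail attribute from AD to the SAN
    SubjectRequireCommonName   = 0x40000000  # CA builds the subject CN from AD
}

# Hypothetical helper: reports where each template's subject data comes from.
function Get-TemplateSubjectSource {
    param([Parameter(Mandatory, ValueFromPipeline)] $Template)
    process {
        $value = [int]$Template.'msPKI-Certificate-Name-Flag'
        $set   = @($NameFlags.Keys | Where-Object { $value -band $NameFlags[$_] })
        $fromRequester = @($set | Where-Object { $_ -like 'EnrolleeSupplies*' }).Count -gt 0
        [pscustomobject]@{
            Template = $Template.Name
            Source   = if ($fromRequester) { 'Requester-supplied' } else { 'Built from AD' }
            Flags    = $set -join ', '
        }
    }
}

# Constructed sample objects standing in for AD query results.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleUser';      'msPKI-Certificate-Name-Flag' = 0x42000000 }
    [pscustomobject]@{ Name = 'ExampleWebServer'; 'msPKI-Certificate-Name-Flag' = 0x00000001 }
)
$sample | Get-TemplateSubjectSource | Format-Table -AutoSize

# Against a live forest (requires the ActiveDirectory module):
# $cfg = (Get-ADRootDSE).configurationNamingContext
# Get-ADObject -SearchBase "CN=Certificate Templates,CN=Public Key Services,CN=Services,$cfg" `
#     -Filter 'objectClass -eq "pKICertificateTemplate"' `
#     -Properties 'msPKI-Certificate-Name-Flag' | Get-TemplateSubjectSource
```

Templates reported as requester-supplied do not get the AD-backed identity binding described above, so their enrollment permissions and approval settings deserve review.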