Planning Your Public Key Infrastructure

Microsoft® Windows® 2000 supports a comprehensive public key infrastructure (PKI). A PKI is a system of digital certificates, certification authorities, and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography.

You can design a PKI that meets your public key security needs using Microsoft® Certificate Services or other certificate services.

In This Chapter

Overview of Public Key Infrastructure

Building Your Public Key Infrastructure

Designing Your Public Key Infrastructure

Developing Optional Custom Applications

Performing Resource Planning

Deploying Your Public Key Infrastructure

Public Key Infrastructure Planning Task List

Chapter Goals

This chapter will help you to develop the following planning documents:

  • Public key certificate requirements

  • Policies for how certificates will be issued and used

  • Certification authority trust hierarchy design

  • Certificate life cycle policies and processes

  • Policies governing certificate revocation

  • Strategies for certificate backup and disaster recovery

  • Timetable for PKI deployment and rollout

  • For more information about the basic concepts of cryptography-based security, PKI, and public key technology, see "Cryptography for Network and Information Security" in the Microsoft® Windows® 2000 Server Resource Kit Distributed Systems Guide.

  • For more information about security solutions using public key technology, see "Choosing Security Solutions That Use Public Key Technology" in the Microsoft Windows 2000 Server Resource Kit Distributed Systems Guide.