RMS Certificate and License Summary

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The following table lists the certificates and licenses that are used by RMS. They are discussed in detail in the remaining topics of this section.

Server licensor certificates

Purpose:

The server licensor certificate that is issued to licensing servers grants the right to issue:

  • Publishing licenses

  • Use licenses

  • Client licensor certificates

  • Rights policy templates

The server licensor certificate that is issued to the root cluster additionally grants the right to issue:

  • Rights account certificates to clients

  • Server licensor certificates to licensing servers

Content:

The server licensor certificate that is issued to a licensing-only cluster contains the public key of the licensing server.

The server licensor certificate that is issued to the root cluster contains the public key of the root cluster.

Client licensor certificates

Purpose: Grant a user the right to publish rights-protected content without being connected to the corporate network.

Content: Contain the public key of the certificate, and the private key of the certificate encrypted by the public key of the user who requested the certificate. Also contain the public key of the server that issued the certificate.

RMS machine certificates

Purpose: Identify a computer or device that is trusted by the RMS system.

Content: Contain the public key of the activated computer. The corresponding private key is contained by that computer's lockbox.

Rights account certificates

Purpose: Identify a user in the context of a specific computer or device.

Content: Contain the public key of the user, and the private key of the user that is encrypted with the public key of the activated computer.

Publishing licenses

Purpose: Specify the rights that apply to the rights-protected content.

Content: Contain the symmetric content key for decrypting the content, which is encrypted with the public key of the server that issued the license.

Use licenses

Purpose: Specify the rights that apply to the rights-protected content in the context of a specific authenticated user.

Content: Contain the symmetric content key for decrypting the content, which is encrypted with the public key of the user.
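The following is an added example, not part of the original topic and not RMS code: a toy model of the key-wrapping chain the summary describes (lockbox key, rights account certificate, publishing license, use license). It assumes textbook RSA over fixed Mersenne primes with no padding, and all function and field names are hypothetical; it does not reproduce the real RMS certificate formats or algorithms.

```python
# Toy model of the RMS key-wrapping chain summarized in the table above.
# Textbook RSA over fixed Mersenne primes, no padding: illustration only,
# not the RMS certificate format or its real algorithms. Names are hypothetical.
import secrets

E = 65537

def mersenne(k):
    return 2**k - 1

def keypair(p, q):
    """Return ((n, e), (n, d)) for primes p and q."""
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def wrap(pub, value):
    n, e = pub
    if not 0 <= value < n:
        raise ValueError("value does not fit under the wrapping modulus")
    return pow(value, e, n)

def unwrap(priv, blob):
    n, d = priv
    return pow(blob, d, n)

def demo():
    user_pub, (user_n, user_d) = keypair(mersenne(61), mersenne(89))
    server_pub, server_priv = keypair(mersenne(107), mersenne(127))
    machine_pub, lockbox_priv = keypair(mersenne(521), mersenne(607))

    # Rights account certificate: user key pair, private half wrapped to the machine.
    rac = {"user_pub": user_pub, "wrapped_user_d": wrap(machine_pub, user_d)}

    # Publishing license: content key wrapped to the issuing server.
    content_key = secrets.randbits(128)
    publishing_license = {"wrapped_key": wrap(server_pub, content_key)}

    # Server issues a use license: unwrap, then re-wrap to the user's public key.
    key_at_server = unwrap(server_priv, publishing_license["wrapped_key"])
    use_license = {"wrapped_key": wrap(rac["user_pub"], key_at_server)}

    # Client: lockbox key -> user private key -> content key.
    d = unwrap(lockbox_priv, rac["wrapped_user_d"])
    recovered = unwrap((user_n, d), use_license["wrapped_key"])

    # A second activated machine (different lockbox key) cannot unwrap this RAC.
    _, other_lockbox = keypair(mersenne(1279), mersenne(2203))
    other_d = unwrap(other_lockbox, rac["wrapped_user_d"])
    return content_key, recovered, d == user_d, other_d == user_d
```

The chain makes the dependency explicit: the content key in a use license is only reachable through the user's private key, which in turn is only reachable through the private key held in the activated computer's lockbox.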