About This Document (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure)

Applies To: Windows Server 2003 with SP1

This document is a quick start guide that you can use to set up a Windows Server 2003 public key infrastructure (PKI). It provides all the information that you need to deploy a viable PKI that is based on Windows Server 2003 technology.

The document outlines a proven PKI architecture that is applicable to the majority of organizations. It includes tips and best practices for design decisions that have been obtained from customer experiences.

To ensure that configuration steps have been implemented correctly, this document also includes useful verification steps. Where possible, information regarding the configuration and installation of a server running a member of the Windows 2000 Server family is provided for comparison.

Document Structure

This document is based on Designing a Public Key Infrastructure, in the Microsoft Windows Server 2003 Deployment Kit that is listed in the "Related Information" section in this document. Some issues are addressed only in the Microsoft Windows Server 2003 Deployment Kit chapter, while other issues are described only in this document. The similar structure provides easier navigation through the planning and deployment phase if you work with all of these documents.


This document refers to features included with Windows Server 2003, Standard Edition, and Windows Server 2003, Enterprise Edition. These features are not included on computers running Windows Server 2003, Web Edition.


This document provides implementation guidelines for administrators who are deploying a Windows Server 2003 PKI in their organization.

This white paper is not an introduction to public key technologies, certification authorities, or certificates. It assumes that the reader has a good understanding of PKI and Active Directory concepts.

Because this white paper is focused on technology, it does not outline organizational guidelines and rules that are mandatory for a successful PKI implementation. You should apply organizational requirements and best practices in conjunction with the recommendations in this white paper to ensure a successful deployment.

A number of detailed best practices that are combined with real-world field experience from Microsoft and Hewlett Packard Consulting Services have been incorporated into this white paper.

This documentation extends the Designing a Public Key Infrastructure chapter in the Microsoft Windows Server 2003 Deployment Kit, which contains overall PKI planning and design, and the Windows Server 2003 Help topics, which contain checklists and configuration information. The chapter in the Microsoft Windows Server 2003 Deployment Guide focuses on broad deployment considerations.