Manage Certification Authorities with Enterprise PKI

Applies To: Windows Server 2008 R2

Certification authorities (CAs) are listed by name and by their location within a public key infrastructure (PKI), with root CAs located at the top of the hierarchy and subordinate CAs below. CAs can be listed either in the console tree or details pane, depending on whether the PKI or a CA is selected in the console tree. When a CA is double-clicked in the details pane, it will be expanded and selected in the console tree.

CA status information will be listed as OK, Warning, Error, or Unable to download. These status messages indicate whether there is a problem with some aspect of the CA, either the CA certificate, the CRL distribution point locations, or the authority information access locations, or that status information was not obtained. For specific error status messages and their meaning, see Enterprise PKI Status Codes.

If a problem or warning only applies to a subordinate CA, then the error indicator will only appear on the icon for that CA.

When you right-click a CA or click the Action menu, two unique options appear:

  • Manage CA, which opens the Certification Authority snap-in. If the user has the appropriate permissions, the Certification Authority snap-in can then be used to perform various management tasks for the CA.

  • Refresh, which initiates an update to all of the status information available for that CA.

For more information about customizing when different warning codes appear, see Configure the Enterprise PKI Snap-In.

Additional references