Chapter 15: The Certificate Life Cycle


This chapter focuses on the Windows Server 2003 PKI certificate life cycle and its different subprocesses.

15.1 Overview of the certificate life cycle

The life of a certificate can be subdivided into three main phases in which different processes can occur. The phases are the start, issued, and end phases. The complete certificate life cycle, its different phases, and their processes are illustrated in Figure 15.1.

Figure 15.1: The certificate life cycle.

A very important aspect of the certificate life cycle is the degree of automation of its different processes. Automation matters both for the end user's ease of use and for the administrator's ease of management. It is the main advantage of what is called a managed PKI solution: in a managed PKI, most processes are automated. Windows 2000 PKI comes with much more automation than its predecessor, Windows NT4 PKI. The degree of automation is even higher in Windows Server 2003, which is why we can call it a true managed PKI solution.

We will run through all the certificate life cycle processes in the following sections. Some of the processes are grouped together in a single section (e.g., certificate enrollment includes key generation, certificate request, user identification, certificate generation, certificate publishing, and encryption key archival).




Windows Server 2003 Security Infrastructures. Core Security Features of Windows. NET
Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
ISBN: 1555582834
EAN: 2147483647
Year: 2003
Pages: 137
Authors: Jan De Clercq
