This chapter focuses on the Windows Server 2003 PKI certificate life cycle and its different subprocesses.
The life of a certificate can be subdivided into three main phases, each containing different processes: the start phase, the issued phase, and the end phase. The complete certificate life cycle, its phases, and their processes are illustrated in Figure 15.1.
Figure 15.1: The certificate life cycle.
A very important aspect of the certificate life cycle is the degree to which its processes are automated. Automation matters both for the end user's ease of use and for the administrator's ease of management, and it is the main advantage of what is called a managed PKI solution: in a managed PKI, most life cycle processes run without manual intervention. Windows 2000 PKI comes with much more automation than its predecessor, Windows NT4 PKI. The degree of automation is higher still in Windows Server 2003, which is why it can be called a true managed PKI solution.
We will run through all the certificate life cycle processes in the following sections. Some processes are grouped together in a single section; for example, certificate enrollment covers key generation, certificate request, user identification, certificate generation, certificate publishing, and encryption key archival.
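To make the enrollment sub-steps listed above concrete, here is an added example (not part of the original chapter) that drives a manual enrollment with certreq.exe, the command-line enrollment tool shipped with Windows. Every environment-specific value is an assumption: the CA configuration string "CA01.corp.example\Corp Issuing CA", the template name "CorpWebServer", and the subject "CN=web01.corp.example" are hypothetical and must be replaced with your own. The script is run from an elevated PowerShell prompt on the machine that needs the certificate.

```powershell
# Added example (not from the original chapter): walk through certificate
# enrollment step by step with certreq.exe.
# Assumed, hypothetical values - adjust for your environment:
#   - CA configuration string "CA01.corp.example\Corp Issuing CA" (host\CA name)
#   - a template named "CorpWebServer" that this machine is permitted to enroll for
#   - the script runs elevated on the machine that needs the certificate

$Subject  = "CN=web01.corp.example"                # assumed subject name
$CaConfig = "CA01.corp.example\Corp Issuing CA"    # assumed "host\CA name"
$Template = "CorpWebServer"                        # assumed template name
$ReqInf   = Join-Path $env:TEMP "web01.inf"
$ReqFile  = Join-Path $env:TEMP "web01.req"
$CertFile = Join-Path $env:TEMP "web01.cer"

# 1. Key generation and certificate request. The .inf file tells certreq
#    which key pair to generate and what to put in the PKCS#10 request.
#    MachineKeySet=TRUE stores the key in the machine's key store, and
#    Exportable=FALSE keeps the private key from being exported later.
@"
[NewRequest]
Subject = "$Subject"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path $ReqInf -Encoding ASCII

certreq.exe -new $ReqInf $ReqFile
if ($LASTEXITCODE -ne 0) { throw "Key generation / request creation failed" }

# 2. Submission. Identification of the requester and certificate generation
#    happen on the CA: the caller's identity is checked against the
#    template's enrollment permissions, then the CA signs the certificate.
#    If the template requires manager approval, the request stays pending
#    and no .cer file is written.
certreq.exe -submit -config $CaConfig $ReqFile $CertFile
if ($LASTEXITCODE -ne 0) { throw "Submission to CA failed" }
if (-not (Test-Path $CertFile)) {
    throw "No certificate returned; the request is probably pending CA manager approval"
}

# 3. Installation. -accept pairs the issued certificate with the private
#    key generated in step 1 and places it in the machine's personal store.
certreq.exe -accept $CertFile
if ($LASTEXITCODE -ne 0) { throw "Accepting the issued certificate failed" }

# 4. Check the result: the certificate should be in LocalMachine\My with
#    HasPrivateKey = True, and NotBefore/NotAfter mark its issued phase.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject } |
    Select-Object Subject, NotBefore, NotAfter, HasPrivateKey, Thumbprint
```

Two of the sub-steps named in the text do not appear as commands here because they are performed on the CA side according to the template's configuration: publishing of the issued certificate (for example to Active Directory) and archival of the encryption key. Whether either happens for a given request is decided by the template, not by the client.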