The Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure white paper is the definitive reference on the ins and outs of configuring a PKI for your network. It s available from http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/ operate /ws3pkibp.asp .
For more information on the details of migrating from the Exchange 5.5 KMS to Windows Server 2003 CAs, see the Key Archival and Management in Windows Server 2003 whitepaper : http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/kyacws03.asp
The National Security Agency has published two useful references on configuring PKIs for Exchange. The Guide to Using DoD PKI Certificates in Outlook 2000 covers client-side certificate usage (see http://www.nsa.gov/snac/win2k/guides/w2k-15.pdf ), and the Guide to the Secure Configuration and Administration of Microsoft Windows 2000 Certificate Services ( http://www.nsa.gov/snac/win2k/guides/w2k-12.pdf ) covers the CA itself.
Various PKI guides, best practices, and technical white papers can be found on the Cryptography and Secure Communications Microsoft TechNet portal at http://www.microsoft.com/technet/security/prodtech/pubkey/default.asp .
Chapter 24, Security Sensitive Environments, from the Microsoft Exchange 2000 Server Resource Kit (Microsoft Press, 2000).
Chapter 4, Installing and Using Digital Certificates from the book Microsoft Windows Security Inside Out for Windows XP and Windows 2000 by Bott and Siechert (Microsoft Press, 2002).