Setting up the first Certification Authority (CA) server in a network
The first hurdle in starting certificate work is putting the server into place. There are many valid questions to answer. Do I need a dedicated server for this task? Can I co-locate this role on an existing server? Do I need to install an Enterprise or Stand-alone CA? I've heard the term "offline root"; what does that mean? Let's start with the basics and assume that you need to build the first Certification Authority server in your environment.
In an Active Directory domain network, the most useful CA servers are of the Enterprise variety. Enterprise CA servers integrate with Active Directory, making them visible to machines in the network and automatically trusted by computers that you join to your domain. Opinions differ on best practices for setting up a series of CA servers. For example, there is a good test lab guide (referenced at the end of this recipe) published...