Building an Enterprise Root Certification Authority in Small and Medium Businesses

I notice that a lot of small and midsized businesses do not take advantage of the security benefits of putting together a Public Key Infrastructure or PKI. A PKI allows you to take advantage of digital certificates, which can be used in securing your network in a number of ways. Certificates can be used for IPsec server and domain isolation, can be used to secure your network using NAP with HRA and IPsec enforcement, can be used to secure your email messages, can be used to secure connections to your Web sites, and also can be used to encrypt files on your hard disk. And that’s just a small sample of the things you can do with digital certificates.

However, in order to gain these benefits, you need to setup a PKI. The good news is that it’s really not that hard. I found a great article to get the small and medium sized business admin up to speed on putting together a PKI. As they explain:

“After you complete these steps, your network will include an enterprise root CA and you will have access to all of the certificate templates available by using the Certificate Templates snap-in. In addition, client autoenrollment will strengthen authentication for your wireless users by requiring them to use digital certificates during the authentication process. Autoenrollment can make this requirement virtually transparent to users by enabling them to automatically request certificates, retrieve issued certificates, and renew expiring certificates. You can also broaden the protection the Windows Server 2003 PKI provides to your network by expanding your use of the PKI to support additional applications such as digital signatures, IPSec, and so on, that were mentioned earlier

I think you’ll get a lot out of this article and you’ll learn key PKI concepts without having to deal with the sometimes arcane terminology used in the PKI business. Check it out at:



Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting

PROWESS CONSULTING documentation | integration | virtualization
Email: [email protected]
MVP – Forefront Edge Security (ISA/TMG/IAG)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top