Operating a Windows PKI

  • Article

In my customer engagements I get a lot of questions around what tasks an organization should be doing in terms of operation and maintenance for their PKI.  So, in this blog series I am going to cover the operational and maintenance aspects of a PKI. 

Below is the list of topics I plan on covering in this Blog Series:

  • Removing expired certificates from the CA Database
  • Publishing the CRL for an Offline Root CA
  • CA Certificate Lifecycle and Renewing CA Certificates
  • Implementing Credential Roaming
  • Implementing Key Archival
  • Role Separation
  • Certification Authority Backup
  • Emergency CRL Re-signing
  • Determining Expiring Certificates
  • Delegating Certificate Template Permissions
  • Implementing the SMTP Exit Module

If there are any additional topics you would like me to cover, please submit a comment to this blog posting or tweet me @chdelay.