http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog ies/security/ws3pkibp.mspx#EJAA is a 'best practices' guide that addresses some of this. It covers some of the high-level decisions, and then goes through a scenario for a three-tier CA hierarchy that you can reproduce in a lab.
There are a few errors in the doc that are kind of confusing, and it's not terribly well organized, but it does contain quite a bit of useful info. Let me know if you're interested and I can point out a couple errors that might save you some time and grief. There's also an operations guide at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog ies/security/ws03pkog.mspx, but I haven't had time to dig through it in any detail yet. Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala Sent: Sunday, November 06, 2005 10:00 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Certificate Services & AD Hi all, Can anyone please recommend a good web resource for deploying certificate services in an Active Directory environment. I was interested in best practices for CA hierarchy, stand-alone or enterprise, hardware config. etc. Thanks in advance. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
