Part of Windows 2000’s Public Key Infrastructure (PKI)
Windows 2000 Server can act as a CA
Manage using Certificate Authority Manager snap-in
Request certificates from web interface: http://servername/certsrv/default.asp
CA Types
Standalone root CA: Used when the organization will be issuing certificates to third parties; most trusted CA; can authorize subordinate CAs; does not require Active Directory
Standalone subordinate CA: Authorized by and subordinate to the root CA; does not require Active Directory
Enterprise root CA: Used when the organization issues certificates internally; highest authority; can authorize subordinate CAs; requires Active Directory
Enterprise subordinate CA: Authorized by and subordinate to the root CA; requires Active Directory