Retired Microsoft Blog disclaimer

This directory is a mirror of retired "A Microsoft Premier Field Engineer's blog on Cloud and Security Technologies" TechNet blog and is provided as is. All posting authorship and copyrights belong to respective authors.
Original URL:
Post name: Operating a Windows PKI
Original author: chdelay
Posting date: 2013-05-10T10:34:23+00:00

In my customer engagements I get a lot of questions around what tasks an organization should be doing in terms of operation and maintenance for their PKI.  So, in this blog series I am going to cover the operational and maintenance aspects of a PKI. 

Below is the list of topics I plan on covering in this Blog Series:

  • Removing expired certificates from the CA Database
  • Publishing the CRL for an Offline Root CA
  • CA Certificate Lifecycle and Renewing CA Certificates
  • Implementing Credential Roaming
  • Implementing Key Archival
  • Role Separation
  • Certification Authority Backup
  • Emergency CRL Re-signing
  • Determining Expiring Certificates
  • Delegating Certificate Template Permissions
  • Implementing the SMTP Exit Module

If there are any additional topics you would like me to cover, please submit a comment to this blog posting or tweet me @chdelay.

Share this article:


Comments are closed.