This stage of the design process revolves around the management of certificates and CAs for post-implementation. Specifically, you need to decide how you will manage requests for certificates, how certificates are issued to end users (via Web site, e-mail, secured folders, diskette, etc.), how certificate revocation lists are to be managed, and how you will handle key recovery. Some questions you need to answer prior to implementation are:
■ Will you allow users to request their own certificates?
■ Will you use autoenrollment?
■ Will you use Web enrollment?
■ What types of certificates do you want your CA servers to serve to users?
■ If you choose to manually distribute certificates, how will you distribute them?
Was this article helpful?