Distribution and Installation of CA Certificates

Certificate Authority (CA) certificates are not requested and issued in the same manner as server and client authentication certificates. Server authentication and client authentication certificates are unique for each requesting server and client, and are not shared. So they must be generated and issued by a Certificate Authority upon demand. But the CA certificate, although it is also unique, is shared by all requesters of server or client certificates from the CA and does not require issuance upon demand. It can simply be created once and then made readily available.

The commonly applied technique for distributing CA certificates is to place them in a location known and accessible to anyone who will be requesting certificates from the CA.

© 1997 by Microsoft Corporation. All rights reserved.