Part II: Establishing a PKI. Chapter 6: Implementing a CA Hierarchy.

The following assumptions apply to the Fabrikam Inc. policy CA:

- It implements a single CPS, with the CPS published at CPS .
- OID is assigned to the CPS.
- The key length for the private key and public key is 2,048 bits.
- The validity period of the policy CA certificate is 10 years.
- Base CRLs are published every 26 weeks with a 2-week overlap.
- Delta CRLs are disabled.
- Discrete signatures must be enabled in the policy CA certificate to allow the use of CNG algorithms for hash and certificate signing.
- The policy CA will use the SHA256 hash algorithm.

Based on these assumptions, the following file can be installed in the %Windir% of the Fabrikam Inc. policy CA computer:

[Version]
Signature="$Windows NT$"

[PolicyStatementExtension]
Policies=FabrikamCPS

[FabrikamCPS]
OID=
NOTICE=Fabrikam Industries Certification Practice Statement
URL=http CPS

[certsrv_server]
RenewalKeyLength=2048
RenewalValidityPeriodUnits=10
RenewalValidityPeriod=years
CRLPeriod=weeks
CRLPeriodUnits=26
CRLOverlapPeriod=weeks
CRLOverlapUnits=2
CRLDeltaPeriodUnits=0
CRLDeltaPeriod=days
DiscreteSignatureAlgorithm=1

Installing Certificate Services

After the file is in place, you can install Certificate Services. Because the policy CA's certificate request is submitted to the root CA, the issuance of the subordinate CA certificate takes place at the root CA.

The following assumptions are made about the root CA computer:

- It uses the naming scheme shown previously in Figure 6-1.
- It has two mirrored partitions: drive C for the operating system and drive D for the CA database and log files.

Note: IIS is not required for the installation of an offline policy CA.
The only certificate requests submitted to the policy CA are for subordinate CA certificates and these can be submitted by using the Certification Authority console. To
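
A lint pass for a policy file like the one listed above, as an added example that is not from the book or from Microsoft: it parses the INF text and reports settings that contradict the stated assumptions (policy OID present, key length, CRL overlap shorter than the base CRL period, discrete signatures enabled). The key names are the ones shown on this page; the sample OID and URL are constructed placeholders, and the function name lint_capolicy and its min_key_bits parameter are assumptions.

```python
import configparser
# Constructed sample input: the OID and URL are placeholders, not Fabrikam's values.
SAMPLE = """\
[Version]
Signature="$Windows NT$"
[PolicyStatementExtension]
Policies=FabrikamCPS
[FabrikamCPS]
OID=1.2.3.4.5
NOTICE=Fabrikam Industries Certification Practice Statement
URL=http://pki.example.test/cps
[certsrv_server]
RenewalKeyLength=2048
RenewalValidityPeriodUnits=10
RenewalValidityPeriod=years
CRLPeriod=weeks
CRLPeriodUnits=26
CRLOverlapPeriod=weeks
CRLOverlapUnits=2
CRLDeltaPeriodUnits=0
CRLDeltaPeriod=days
DiscreteSignatureAlgorithm=1
"""
HOURS = {"hours": 1, "days": 24, "weeks": 168, "months": 720, "years": 8760}  # approximate

def lint_capolicy(text, min_key_bits=2048):
    """Return findings for the text of a policy INF file; an empty list means none."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    inf = {name.lower(): dict(cp[name]) for name in cp.sections()}  # names: any case
    srv, out = inf.get("certsrv_server", {}), []
    def span(period, units):  # interval in hours; None if absent or malformed
        try:
            return HOURS[srv[period].lower()] * int(srv[units])
        except (KeyError, ValueError):
            return None
    names = inf.get("policystatementextension", {}).get("policies", "")
    for pol in filter(None, (n.strip() for n in names.split(","))):
        if not inf.get(pol.lower(), {}).get("oid", "").strip():
            out.append(f"policy {pol}: section or OID missing")
    if not (k := srv.get("renewalkeylength", "")).isdigit() or int(k) < min_key_bits:
        out.append("RenewalKeyLength missing or below minimum")
    base, overlap = span("crlperiod", "crlperiodunits"), span("crloverlapperiod", "crloverlapunits")
    if not base:
        out.append("base CRL period missing or zero")
    elif overlap is not None and overlap >= base:
        out.append("CRL overlap is not shorter than the base CRL period")
    if srv.get("discretesignaturealgorithm", "").strip() != "1":
        out.append("DiscreteSignatureAlgorithm is not 1")
    return out
```

Run against the listing exactly as it appears on this page, where the OID value is blank, the check reports the policy section as missing its OID.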