The Microsoft® server ships with a powerful certificate authority (CA). This can be either used as Active Directory® integrated enterprise CA or a standalone CA. Using Active Directory® you can define policies that define the rights and workflows of such a CA. E.g. you can define, which CA is allowed to enroll which certificates for what users.
Using these Microsoft® CAs we can create a PKI that can handle the scenarios on your company.
Moreover the Microsoft® CA plays nice with Hardware Security Modules and allows the easy usage of smartcards enabling solutions with a stringent two factor authentication in a Microsoft® domain environment.
We use the Microsoft® CA together with OpenSSL and Linux in customer projects to create PKIs for international enterprises.