on 22 February 2012
My biggest recommendation for anyone reading this book is to find the errata pages on TechNet and O'Reilly and go through the book correcting it accordingly before you continue. If you don't (and you're creating labs as you go) you'll quickly end up with errors that simply shouldn't be there and with certutil being possibly the least well documented command in TechNet history, you will be shaking your fist at the screen in no time.
Chapter 10 discusses Certificate Revocation and setting up Online Responders for OCSP but if configuring on a Windows Server 2008 R2 Enterprise CA, you'll discover that some of the security changes to Certificate Templates discussed are not required.
For the updated book (assuming one ever materialises) it would be good to see additional example configurations in Chapter 6 with further expansion on the two-tier hierarchy which is discussed only in a half page box suggesting some differences to the CAPolicy.inf file.
The previous reviewer is correct that the book needs updating for 2008R2 and its errors correcting, unfortunately he's also correct that it's still probably the only book that properly covers the subject matter satisfactorily.
on 8 February 2011
Book is riddled with mistakes, contradictions of information and worse the repetition of badly explained material. And there is lots of badly explained material. It glances over lots of items that you need to know about, then you need to spend time finding out from other sources.
Book has not been updated to reflect 2008R2 (Come on MS, its 2011, who is rolling out 2008 non R2).
That said, there does not seem to be any other good books out there and the information from the Microsoft site on 2008PKI is practically non existent (Again, come on MS can't you at least release documentation on your own products, why do we have to rely on badly written MSPress books).
If there was an alterative, I would avoid this book like the plague. If someone knows of a really good book on 2008 R2 PKI, please, please post it and save us all from having to buy more dreadful MSPress books