中文摘要：

考虑到企业CA系统在功能和管理方式上有别于标准的CA系统，企业进行网络安全策略设计时，尽管重新设计一个加密算法比较麻烦，但可以综合、合理地运用CA数字证书以及现有的各种加密算法设计出安全性较好的网络安全策略．在此基础上，研究了企业级CA原型系统，设计了企业级CA系统。由于在企业内部要实现认证过程相对比较简单，以及在证书生存以及管理方面可以简单考虑，同时证书申请分发、查询、废止的策略可以自行制定，没有标准的数字证书管理所要遵循的标准的复杂并实现了该原型系统．

英文摘要：

As the functions and ways of management are different between enterprise＇s CA system and standard CA system, it is hard for enterprise to design a network security system to keep secret, identify, digital signature and compress, but by making use of CA digital certification and current existed encryption methods synthetically and reasonably, a preferable network security strategy is achieved. On the base of the designed network security strategy, a prototype system for enterprise＇s CA system is studied and realized. Because the procedure of authentication in enterprise is less complicated than the reality CA system, the implementation of enterprise＇s CA system is not following the standard model.