Building a Certificate Authority in Windows Server 2019
A Certificate Authority forms the basis for a Public Key Infrastructure, and implementing a PKI within your organization can greatly increase security. A PKI can add multiple security features, which include:
- Eliminating self-signed certificates in your network.
- Enabling e-mail signing and additional security.
- Implementing pre-logon authentication with VPN services.
- Protecting internal resources with an additional layer of security.
- Utilizing certificates for application authentication and automation.
Microsoft created and maintains the Active Directory Certificate Services server role in Windows Server, which allows for the creation of a CA using only native features available within Windows Server.
- A 38-page guide to implementing a Two-Tier Certificate Authority using Windows Server 2019 and Active Directory Certificate Services.
- A guide for installing and configuring Active Directory Domain Services.
- A guide for creating an offline Standalone/Root CA.
- A guide for creating an online Enterprise/Subordinate CA.
- Instructions that use the CLI for installation and configuration whenever possible.
Who Is This Guide For?
The purpose of this guide is to create a Certificate Authority using Active Directory Certificate Services (AD CS) with Microsoft Windows Server. It offers rapid step-by-step instructions that demonstrate how to successfully create a Certificate Authority using those technologies.
This guide is meant for developers, network administrators and systems administrators who have a basic understanding of Windows Server and Public Key Infrastructures and need to deploy a Certificate Authority rapidly within their environment for various purposes. By following the steps provided in this guide, you will create a Certificate Authority framework that can be customized for the requirements of any environment.
This guide is also meant to be used by developers, network administrators and system administrators who can interpret this guide and modify it for their existing environment. Simply following this guide will not implement a functioning PKI for your organization; you will need to modify the steps accordingly to make it function properly. This means creating different servers, modifying steps for different Active Directory domains, modifying LDAP settings, modifying file paths, creating different certificates, and other critical steps as needed.
Table of Contents
Included in the guide are 7 sections which explain the process for creating a Two-Tier Certificate Authority using Active Directory Certificate Services:
- Building a Certificate Authority in Windows Server 2019
- Certificate Authority Environment Setup
- Active Directory Setup
- Root CA Setup
- Subordinate CA Setup
- Post-Implementation Tasks
- Active Directory Certificate Services Next Steps
Technology: Active Directory Domain Services
Technology: Active Directory Certificate Services
Technology: Public Key Infrastructure
Technology: Two-Tier Certificate Authority
Technology: Windows Server 2019
- Size: 3.23 MB
- Length: 38 pages
- Length: 38 Pages
- Size: 3.5 MB
- Technology: Active Directory
- Technology: Active Directory Domain Services
- Technology: Active Directory Certificate Services
- Technology: Certificate Authority
- Technology: Public Key Infrastructure
- Technology: Two-Tier Certificate Authority
- Technology: Windows Server 2019