Practical Guide to PKI with Windows Server
A Certificate Authority forms the basis for a Public Key Infrastructure, and implementing a PKI within your organization can greatly increase security. Implementing a PKI within your organization can add multiple security features to your organization, which include:
- Eliminating self-signed certificates in your network.
- Enabling e-mail signing and additional security.
- Implementing pre-logon authentication with VPN services.
- Protecting internal resources with an additional layer of security.
- Utilizing certificates for application authentication and automation.
Microsoft created and maintains the Active Directory Certificate Services server role in Windows Server, which allows for the creation of a CA using only native features available within Windows Server.
- A complete guide to implementing a Two-Tier Certificate Authority.
- An in-depth step-by-step guide for building all components of a CA.
- A quick start guide for quickly creating a CA using AD CS.
- A guide to implementing an Offline Root CA and an Enterprise CA.
- A guide to implementing OCSP with AD CS.
- A guide to installing and configuring Hyper-V.
- Instructions using the GUI and the CLI for installation and configuration.
- Over 350 screenshots and diagrams.
- Over 125 configuration commands and sample configurations.
Who Is This Book For?
The purpose of this book is to create a Certificate Authority using Active Directory Certificate Services (AD CS) with Microsoft Windows Server. This book offers a comprehensive step-by-step guide that demonstrates how to successfully create a Certificate Authority using those technologies.
This book also explains each step, the necessity of that step, and the importance of that step within the Certificate Authority. The results of this book will create a Certificate Authority that can issue certificates internally within an organization in a secure manner, using best practices.
This book is meant for developers, network administrators and systems administrators who have a basic understanding of Windows Server and Public Key Infrastructures and need to deploy a Certificate Authority rapidly within their environment for various purposes. By using the steps provided in this book, there will be a Certificate Authority framework created that can be customized for whatever requirements are needed in any environment.
This book is also meant to be used by developers, network administrators and system administrators who can interpret this guide and modify it for their existing environment. Simply following this guide will not implement a functioning PKI for your organization, you will need to modify the steps accordingly to make it function properly. This means creating different servers, modifying steps for different Active Directory domains, modifying LDAP settings, modifying file paths, creating different certificates, and other critical steps as needed.
The contents of this book are presented in a thorough, but easy to follow manner. Screenshots are provided for important steps for verification purposes and to demonstrate how the environment should be configured. It should take approximately ten hours to go through this book from start to finish.
Table of Contents
Included in the book are 12 chapters which explain the process for creating a Certificate Authority using Active Directory Certificate Services:
- Public Key Infrastructure Overview
- Certificate Authority Test Environment
- Domain Controller and Workstation Setup
- Offline Root CA Setup
- Subordinate CA Setup
- Deploy Root and Subordinate Certificates
- Online Responder Role Configuration
- Private Key Archive and Recovery
- Certificate Template Customization
- Certificate Enrollment
- AD CS Post-Implementation Tasks
- AD CS Quick Start
Also included is a Glossary, a list of all commands used in the book and a complete Index.