diff --git a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md index 2a94ac0..f37c570 100644 --- a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md +++ b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md @@ -114,7 +114,11 @@ You will see a finalization screen confirming everything we have configured, it You will see a screen telling you that the **Certification Authority Web Enrollment** was successful but it will give a warning about the **Certification Authority**. The Active Directory Certificate Services installation is incomplete. To complete the installation, use the request file to obtain a certificate from the parent CA [*The RootCA*]. Then, use the Certification Authority snap-in to install the certificate. To complete this procedure, right-click the node with the name of the CA, and then click "Install CA Certificate". ### Online (Domain-Joined) Subordinate/Intermediary CA `LAB-CA-02` Configuration Deployment -At this point, we will need to focus on getting the certificate signing request transferred to `LAB-CA-01` (the rootCA), this can be via temporary network access (sharing a CSR via a SMB network share from `LAB-CA-02`) (not recommended) or via a USB flashdrive (more secure). +At this point, we will need to focus on getting the certificate signing request generated on `LAB-CA-02` to `LAB-CA-01` (the rootCA), this can be via temporary network access or via a USB flashdrive. + +!!! danger + If using a USB flashdrive is not viable, don't leave the RootCA on the network any longer than what is absolutely necessary. + - Once the certificate signing request file `C:\LAB-CA-02.bunny-lab.io_bunny-lab-LAB-CA-02-CA.req` is on `LAB-CA-01` (RootCA) we can proceed to get it signed. - **PLACEHOLDER**