From 674a667ba587ff15c312728b1ece18d9a92fd325 Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Wed, 16 Jul 2025 02:17:16 -0600 Subject: [PATCH] Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md --- .../Roles/Active Directory Certificate Services.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md index 3836a59..8739784 100644 --- a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md +++ b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md @@ -18,6 +18,7 @@ This document outlines the Microsoft-recommended best practices for deploying a ## Offline (Non-Domain-Joined) Root CA `LAB-CA-01` ### Role Deployment This is the initial deployment of the root certificate authority, the settings here should be double and triple checked before proceeding through each step. + - Provision a **non-domain-joined** Windows Server - This is critical that this device is not domain-joined for security purposes - Navigate to "**Server Manager > Manage > Add Roles and Features**" @@ -37,6 +38,7 @@ This is the initial deployment of the root certificate authority, the settings h ### Role Configuration We have a few things we need to configure within the CA to make it ready to handle certificate requests. + - Navigate to "**Server Manager > (Alert Flag) > Post-deployment Configuration: Active Directory Certificate Services**" - You will be prompted for an admin user, in this example, you will use the pre-populated `LAB-CA-01\Administrator` - Check the boxes for `Certification Authority` and `Certification Authority Web Enrollment` then click "**Next**"