From 8b6b608f04bddd11ce900f63e5a07979abc4f064 Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Fri, 11 Jul 2025 18:14:10 -0600 Subject: [PATCH] Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md --- .../Active Directory Certificate Services/Deployment.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md index da4a450..b0f80f5 100644 --- a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md +++ b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md @@ -43,7 +43,14 @@ This document outlines the Microsoft-recommended best practices for deploying a - Check the "**Create a new private key**" radio box then click "**Next**" - Click the dropdown menu for "**Select a crypotographic provider**" and ensure that "**RSA#Microsoft Software Key Storage Provider**" is selected - Set the key length to `4096` - - Set the hash algorithm to SHA256 + - Set the hash algorithm to `SHA256` + - Click "**Next**" + - **Common Name for this CA**: `BunnyLab-RootCA` + - **Distinguished name suffix**: `O=Bunny Lab, C=US` + - **Preview of distinguished name**: `CN=BunnyLab-RootCA,O=Bunny Lab, C=US` + - Click "**Next**" + - Specify the validity period: `10 Years` then click "**Next**" + - !!! info "RSA#Microsoft Software Key Storage Provider" Microsoft Software Key Storage Provider (KSP) is the latest, most flexible provider designed to work with the Cryptography Next Generation (CNG) APIs. It offers better support for modern algorithms and improved security management (such as support for key attestation, better hardware integration, and improved key protection mechanisms).