Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 7s

2025-07-16 02:51:00 -06:00
parent b15f745286
commit 9299a770f8


@ -1,12 +1,12 @@
## Purpose
This document outlines the Microsoft-recommended best practices for deploying a secure, internal-use-only, two-tier Public Key Infrastructure (PKI) using Windows Server 2022 or newer. The PKI supports securing S/MIME email, 802.1X Wi-Fi with NPS, and LDAP over SSL (LDAPS).
!!! abstract "Environment Breakdown"
!!! abstract "CA Deployment Breakdown"
The environment will consist of at least 2 virtual machines. For the purposes of this document they will be named `LAB-CA-01` and `LAB-CA-02`. This stands for "*Lab Certificate Authority [01|02]*". In a two-tier hierarchy, an offline (*you intentionally keep this VM offline*) Root CA signs a single "*Subordinate*" Enterprise CA certificate. The Subordinate CA is domain-joined and handles all certificate requests. Clients trust the PKI via Group Policy and Active Directory integration.
In this case, `LAB-CA-01` is the Root CA, while `LAB-CA-02` is the Intermediary/Subordinate CA. You can add more than one subordinate CA if you desire more redundancy in your environment. Making them operate together is generally automatic and does not require manual intervention.
!!! note "Provisioning Assumptions"
!!! note "Certificate Authority Provisioning Assumptions"
- OS = Windows Server 2022/2025 bare-metal or as a VM
- You should give it at least 4GB of RAM.
- [Change the edition of Windows Server from "**Evaluation**" to "**Standard**" via DISM](https://docs.bunny-lab.io/Workflows/Windows/Change%20Windows%20Edition/)
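
Review bot: The renamed "Certificate Authority Provisioning Assumptions" note at the end of the hunk now reads as covering both `LAB-CA-01` and `LAB-CA-02`, but neither it nor the "CA Deployment Breakdown" text says the offline Root CA must be a standalone server that is never domain-joined; only the Subordinate CA's domain membership is stated. Suggest adding a bullet saying `LAB-CA-01` is provisioned as a standalone (workgroup) machine, and making clear whether the 4GB RAM and edition-change items apply to both VMs. Separately, "Intermediary/Subordinate CA" in the breakdown mixes two terms while the rest of the text uses "Subordinate"; pick one and use it throughout.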