From 94827fc1ce3f6bb212452a8f31e0412f9ba05c5a Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Fri, 11 Jul 2025 18:00:12 -0600 Subject: [PATCH] Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md --- .../Active Directory Certificate Services/Deployment.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md index e31bd56..fbc7041 100644 --- a/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md +++ b/Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md @@ -41,11 +41,12 @@ This document outlines the Microsoft-recommended best practices for deploying a - Check the "**Standalone CA**" radio box then click "**Next**" - Check the "**Root CA** radio box then click "**Next**" - Check the "**Create a new private key**" radio box then click "**Next**" - - + - Click the dropdown menu for "**Select a crypotographic provider**" and ensure that "**RSA#Microsoft Software Key Storage Provider**" is selected + - Set the key length to `4096` + - Set the hash algorithm to SHA256 !!! warning "Raw Unprocessed Documentation - Do Not Use" - Install AD CS role as a Standalone Root CA. - 3. Use RSA 4096-bit key, SHA-256, 10-year validity. + 3. 10-year validity. 4. Configure AIA and CDP extensions with HTTP paths. 5. Publish root cert and CRL to AD and internal HTTP. 3. Online Subordinate CA Setup
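Review bot: The added bullet for the provider dropdown misspells the wizard label as "**Select a crypotographic provider**"; it should read "cryptographic" so the step matches the text an operator sees and searches for. In the same group of added bullets, the key length is written as `4096` in code formatting while the hash algorithm is a bare SHA256; format both values the same way. In the "Raw Unprocessed Documentation" block, the replacement line "3. 10-year validity." is now a fragment with no verb; reword it as an instruction (for example "Set a 10-year validity period") or move it into the processed steps next to the key settings, since the key length and hash have already moved there. The unchanged context line `Check the "**Root CA** radio box` is missing its closing quote after the bold text and could be fixed in the same change.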