Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services/Deployment.md
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 7s
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 7s
This commit is contained in:
@ -41,11 +41,12 @@ This document outlines the Microsoft-recommended best practices for deploying a
|
|||||||
- Check the "**Standalone CA**" radio box then click "**Next**"
|
- Check the "**Standalone CA**" radio box then click "**Next**"
|
||||||
- Check the "**Root CA** radio box then click "**Next**"
|
- Check the "**Root CA** radio box then click "**Next**"
|
||||||
- Check the "**Create a new private key**" radio box then click "**Next**"
|
- Check the "**Create a new private key**" radio box then click "**Next**"
|
||||||
-
|
- Click the dropdown menu for "**Select a crypotographic provider**" and ensure that "**RSA#Microsoft Software Key Storage Provider**" is selected
|
||||||
|
- Set the key length to `4096`
|
||||||
|
- Set the hash algorithm to SHA256
|
||||||
|
|
||||||
!!! warning "Raw Unprocessed Documentation - Do Not Use"
|
!!! warning "Raw Unprocessed Documentation - Do Not Use"
|
||||||
Install AD CS role as a Standalone Root CA.
|
3. 10-year validity.
|
||||||
3. Use RSA 4096-bit key, SHA-256, 10-year validity.
|
|
||||||
4. Configure AIA and CDP extensions with HTTP paths.
|
4. Configure AIA and CDP extensions with HTTP paths.
|
||||||
5. Publish root cert and CRL to AD and internal HTTP.
|
5. Publish root cert and CRL to AD and internal HTTP.
|
||||||
3. Online Subordinate CA Setup
|
3. Online Subordinate CA Setup
|
||||||
|
|||||||
Reference in New Issue
Block a user