Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 8s

2025-07-14 14:10:52 -06:00
parent 56480f49fd
commit d18528f5b8


@ -29,6 +29,7 @@ This document outlines the Microsoft-recommended best practices for deploying a
- `Certification Authority Web Enrollment`
- When prompted to confirm multiple times, click the "**Add Features**" button
- Ensure the "**Include management tools (if applicable)**" checkbox is checked.
- There are additional steps such as `Configure AIA and CDP extensions with HTTP paths` and `Publish root cert and CRL to AD and internal HTTP`, but these do not apply to an LDAPS-only deployment, and are more meant for websites / webhosting. (current understanding)
- Click "**Next**" > "**Next**" > "**Next**" > "**Install**"
- Restart the Server
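Review bot: The new bullet calling `Configure AIA and CDP extensions with HTTP paths` and `Publish root cert and CRL to AD and internal HTTP` steps that are "more meant for websites / webhosting" misdescribes them. AIA and CDP are extensions the CA writes into the certificates it issues, and they tell any relying party, an LDAPS client included, where to fetch the issuer certificate and the CRL for chain building and revocation checking. Suggest rewording to say the steps are deferred, or that the default locations are being kept, rather than that they do not apply. The caveat also sits in the middle of the click-through list; moving it into an admonition like the `!!! warning` blocks used further down would keep a hedged "(current understanding)" remark from reading as a procedure step.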
@ -68,6 +69,11 @@ You will see a finalization screen confirming everything we have configured, it
If everything went well, you will see that the "**Certificate Authority**" and "**Certification Authority Web Enrollment**" both have a status of "**Configuration succeeded**". At this point, you can click the "**Close**" button to conclude the Root CA configuration.
### Online (Domain-Joined) Subordinate/Intermediary CA `LAB-CA-02` Role Deployment
- Navigate to "**Server Manager > (Alert Flag) > Post-deployment Configuration: Active Directory Certificate Services**"
- Under credentials, let it automatically populate a domain admin. (e.g. `BUNNY-LAB\nicole.rappe`)
- Click "**Next**"
-
!!! warning "Under Construction"
Section is still being written during lab deployment.
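Review bot: The credentials step (`let it automatically populate a domain admin`) should name the rights the wizard needs instead of accepting whatever account is pre-filled. The raw notes later in the file say this server is installed as an Enterprise Subordinate CA, and configuring an enterprise CA requires Enterprise Admins membership (or Domain Admins in the forest root domain), so a reader in a multi-domain forest can get stuck here. The example `BUNNY-LAB\nicole.rappe` looks like a real named privileged account; a placeholder such as `DOMAIN\ca-admin` (hypothetical) would keep account names out of the published docs. The trailing empty `-` bullet should be dropped or replaced with a TODO, since the "Under Construction" admonition right after it already marks the section as incomplete.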
@ -76,12 +82,6 @@ You will see a finalization screen confirming everything we have configured, it
Section is still being written during lab deployment.
!!! warning "Raw Unprocessed Documentation - Do Not Use"
- `Certificate Enrollment Policy Web Service`
- `Certificate Enrollment Web Service`
4. Configure AIA and CDP extensions with HTTP paths.
5. Publish root cert and CRL to AD and internal HTTP.
3. Online Subordinate CA Setup
Steps:
1. Domain-join a Windows Server and install AD CS as Enterprise Subordinate CA.
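Review bot: If steps 4 and 5 (`Configure AIA and CDP extensions with HTTP paths`, `Publish root cert and CRL to AD and internal HTTP`) are among the lines dropped here, the raw notes lose their only record of publishing the root certificate and CRL just before "3. Online Subordinate CA Setup", which depends on it. A subordinate CA has to chain to the root and be able to check the root's CRL, and if the root is kept off the domain, as the "Online (Domain-Joined)" subordinate heading suggests, nothing publishes those for you. Since this block is still marked "Raw Unprocessed Documentation - Do Not Use", suggest keeping the two steps as open items until the subordinate section is finished, then removing them once the written procedure covers or explicitly rules them out.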