Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 8s
@ -29,6 +29,7 @@ This document outlines the Microsoft-recommended best practices for deploying a
|
|||||||
- `Certification Authority Web Enrollment`
|
- `Certification Authority Web Enrollment`
|
||||||
- When prompted to confirm multiple times, click the "**Add Features**" button
|
- When prompted to confirm multiple times, click the "**Add Features**" button
|
||||||
- Ensure the "**Include management tools (if applicable)**" checkbox is checked.
|
- Ensure the "**Include management tools (if applicable)**" checkbox is checked.
|
||||||
|
- There are additional steps such as `Configure AIA and CDP extensions with HTTP paths` and `Publish root cert and CRL to AD and internal HTTP`, but these do not apply to an LDAPS-only deployment, and are more meant for websites / webhosting. (current understanding)
|
||||||
- Click "**Next**" > "**Next**" > "**Next**" > "**Install**"
|
- Click "**Next**" > "**Next**" > "**Next**" > "**Install**"
|
||||||
- Restart the Server
|
- Restart the Server
|
||||||
|
|
||||||
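Review bot: The added bullet beginning "There are additional steps such as" records a scoping decision whose only stated basis is "(current understanding)", and it sits inside the role-selection checklist where it reads like an install step. The two steps it sets aside, `Configure AIA and CDP extensions with HTTP paths` and `Publish root cert and CRL to AD and internal HTTP`, control where the subordinate CA and clients look for the root's certificate and CRL, so skipping them should be confirmed against the `LAB-CA-02` subordinate deployment this document goes on to describe rather than inferred from the LDAPS-only use case. Suggest moving the sentence into an admonition in the `!!! warning` style this file already uses and stating what was actually tested.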
@ -68,6 +69,11 @@ You will see a finalization screen confirming everything we have configured, it
|
|||||||
If everything went well, you will see that the "**Certificate Authority**" and "**Certification Authority Web Enrollment**" both have a status of "**Configuration succeeded**". At this point, you can click the "**Close**" button to conclude the Root CA configuration.
|
If everything went well, you will see that the "**Certificate Authority**" and "**Certification Authority Web Enrollment**" both have a status of "**Configuration succeeded**". At this point, you can click the "**Close**" button to conclude the Root CA configuration.
|
||||||
|
|
||||||
### Online (Domain-Joined) Subordinate/Intermediary CA `LAB-CA-02` Role Deployment
|
### Online (Domain-Joined) Subordinate/Intermediary CA `LAB-CA-02` Role Deployment
|
||||||
|
- Navigate to "**Server Manager > (Alert Flag) > Post-deployment Configuration: Active Directory Certificate Services**"
|
||||||
|
- Under credentials, let it automatically populate a domain admin. (e.g. `BUNNY-LAB\nicole.rappe`)
|
||||||
|
- Click "**Next**"
|
||||||
|
-
|
||||||
|
|
||||||
!!! warning "Under Construction"
|
!!! warning "Under Construction"
|
||||||
Section is still being written during lab deployment.
|
Section is still being written during lab deployment.
|
||||||
|
|
||||||
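Review bot: The credentials bullet uses a specific named account, `BUNNY-LAB\nicole.rappe`, as the example and tells the reader to accept whatever auto-populates. Suggest a neutral placeholder such as `DOMAIN\username` and a short statement of which privilege this step requires, so the reader picks the account deliberately. The bare `-` bullet that follows "Click "**Next**"" will render as an empty list item; drop it and let the existing "Under Construction" warning cover the unfinished steps.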
@ -76,12 +82,6 @@ You will see a finalization screen confirming everything we have configured, it
|
|||||||
Section is still being written during lab deployment.
|
Section is still being written during lab deployment.
|
||||||
|
|
||||||
!!! warning "Raw Unprocessed Documentation - Do Not Use"
|
!!! warning "Raw Unprocessed Documentation - Do Not Use"
|
||||||
- `Certificate Enrollment Policy Web Service`
|
|
||||||
- `Certificate Enrollment Web Service`
|
|
||||||
|
|
||||||
4. Configure AIA and CDP extensions with HTTP paths.
|
|
||||||
5. Publish root cert and CRL to AD and internal HTTP.
|
|
||||||
|
|
||||||
3. Online Subordinate CA Setup
|
3. Online Subordinate CA Setup
|
||||||
Steps:
|
Steps:
|
||||||
1. Domain-join a Windows Server and install AD CS as Enterprise Subordinate CA.
|
1. Domain-join a Windows Server and install AD CS as Enterprise Subordinate CA.
|
||||||
|
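Review bot: Steps `4. Configure AIA and CDP extensions with HTTP paths.` and `5. Publish root cert and CRL to AD and internal HTTP.` should stay in the raw section until the subordinate CA section is finished, since their removal rests on a bullet added elsewhere in this commit that is itself marked "(current understanding)". If they are kept out, note next to `3. Online Subordinate CA Setup` why the list no longer has steps 4 and 5. The removal of `Certificate Enrollment Policy Web Service` and `Certificate Enrollment Web Service` from the role list is not explained in the commit title either; one line of rationale in the commit message would help.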