
Install AD CS (Certification Service) on Windows Server 2016 to Deploy Enterprise PKI

This is an example deployment of AD DS, AD FS and AD CS to build an Enterprise PKI integrated with AD.


Install AD DS and AD FS









Follow the wizard's instructions, clicking Next until the installation completes.


Configure AD DS and AD FS

After the installation completes and before you install AD CS, complete the configuration of AD DS and AD FS. Start with AD DS.

Add a new forest: 51sectest.dev

Keep the NetBIOS domain name and paths at their defaults, then click Next.


Reboot the machine, then you can continue configuring AD FS. (This is optional.)

To configure AD FS, you will need an SSL certificate in pfx/pkcs12 format.




Install AD CS









Configure AD CS

Choose the following four roles and configure them one by one.

Choose Enterprise CA

Choose Root CA

Create a private key

Choose the cryptographic provider: Microsoft software cryptographic program, SHA256, key length 4096.

Leave the other options at their defaults.
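
The CA choices above (Enterprise, Root, new private key, SHA256, 4096-bit key) written as a PowerShell script; this is an added example, not part of the original post. It assumes the wizard's provider corresponds to `RSA#Microsoft Software Key Storage Provider`, uses the placeholder CA name `EXAMPLE-ROOT-CA`, and finishes by checking the resulting CA certificate against the chosen parameters.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the AD CS wizard choices on this page.
# Run on the domain-joined server as a member of Enterprise Admins.
$ErrorActionPreference = 'Stop'

# Assumption: placeholder CA common name; the page does not state one.
$caName = 'EXAMPLE-ROOT-CA'

# Install the Certification Authority role service and its management tools.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools | Out-Null

# Enterprise Root CA with a new private key, SHA256 and a 4096-bit key.
# Assumption: the provider string matches the wizard entry chosen above.
$caParams = @{
    CAType             = 'EnterpriseRootCa'
    CACommonName       = $caName
    CryptoProviderName = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength          = 4096
    HashAlgorithmName  = 'SHA256'
    Force              = $true
}
Install-AdcsCertificationAuthority @caParams

# Locate the new self-signed CA certificate in the machine store.
$caCert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName,*" -and $_.Subject -eq $_.Issuer } |
    Sort-Object -Property NotBefore -Descending |
    Select-Object -First 1

if (-not $caCert) {
    throw "CA certificate for '$caName' not found in Cert:\LocalMachine\My"
}

# Confirm the certificate was issued with the intended key size and hash.
$keySize = $caCert.PublicKey.Key.KeySize
$sigAlg  = $caCert.SignatureAlgorithm.FriendlyName

if ($keySize -ne 4096) { throw "Unexpected CA key size: $keySize" }
if ($sigAlg -ne 'sha256RSA') { throw "Unexpected signature algorithm: $sigAlg" }

[pscustomobject]@{
    Subject            = $caCert.Subject
    Thumbprint         = $caCert.Thumbprint
    KeySize            = $keySize
    SignatureAlgorithm = $sigAlg
    NotAfter           = $caCert.NotAfter
}
```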


Create a new user: NDES



Add it to the IIS_IUSRS and Domain Admins groups.


For the following two roles, you will need to use this NDES account to configure them:




Generate Certificate Request & Submit to MS CA to Sign, Install and Replace existing Web Cert





