Active Directory Certificate Services Discussion and Install Guide

Today we’re going to discuss and deploy Active Directory Certificate Services on a Windows Server 2022 Server. Additionally, we’ll also be generating a domain certificate request inside of IIS and then assign the resultant certificate to a WSUS Server.

This video will demonstrate and explain the process of deploying a Windows Server 2022 Certification Authority with AD CS.

Check it out and feel free to leave a comment! Scroll down below for more information and details on the guide.

Who’s this guide for

This guide is perfect for a seasoned IT professional or a beginner who is looking at getting experience with Windows Server 2022.

What’s included in the video

In this guide I will walk you through the following:

• Discussion
  • SSL Certificates (Host verification)
  • Internal Root Certification Authorities (Root CAs)
  • Internal Root CA vs Public Trusted Root CAs
  • HTTPS Scanning (Web Filtering) and SSL Certificates
  • Intermediate Certificate Authorities
  • Why ADCS?
  • AD CS Certificate Templates
  • Encryption
  • Certificate Issuance

• Demonstration
  • Server Manager Role Installation
  • MMC Snap-in for Certificates (Local Computer)
    • Root CAs
  • Install Active Directory Certificate Services (AD CS)
    • Add Server Role
    • Root CA Trust Discussion
    • AD CS Installation on Domain Controller Installation
    • AD CS Prerequisites
    • Web Enrollment Discussion
    • AD CS and IIS Discussion
  • Install Internet Information Services (IIS) as pre-requisite
  • Configure Active Directory Certificate Services (AD CS)
    • Credentials
    • Role Configuration
    • Enterprise CA vs Standalone CA
    • Root CA vs Subordinate CA
    • Private Key Creation and Cryptographic options
    • Root CA Naming
    • Validity Period
  • Certification Authority MMC Usage
  • Root CA Replication to Domain (“gpupdate /force” and restart)
  • AD CS Certificate Templates Overview
    • Certificate Templates MMC
    • Duplicate and Customize Web Server Certificate Template
    • Enable Auto-Enrollment for Certificate Template
  • Use IIS to request certificate from Active Directory Certification Authority
    • Create Domain Certificate
  • Enable SSL on WSUS Server using Active Directory Certificate Services Certificate
    • Bind new certificate to IIS Web Server
    • Update GPO to reflect SSL URL and port number
    • Run “iisreset” on elevated command prompt
  • Demonstration Summary

What’s required

To get started you’ll need:

• 1 x Server (Virtual Machine or Physical Server)
• Microsoft Windows Server 2022 Licensing
• A running Windows Server 2022 Instance (OSE)
• A network router and/or firewall

Hardware/Software used in this demonstration

• VMware vSphere
• HPE DL360p Gen8 Server
• Microsoft Windows Server 2022
• pfSense Firewall