Installing an Enterprise Root Certificate with Windows Infrastructure Administration
Installing Enterprise Root – how to install and configure a company’s root certificate. And deploying the root certificate via GPO.
Useful external reference: Microsoft Learn.
Installing Enterprise Root Overview
- Install the “Active Directory Certificate Services” role.
- Activate the “Certification Authority” service and, if necessary, “Web-based Certification Authority Registration.”
Installing Enterprise Root Overview
- Select post-installation configuration for the role.
- Activate the certification authority.
- Create an enterprise certification authority.
- Then, create a root certification authority.
- Create a new private key.
- The default options are sufficient in most cases.
- Specify the certificate name that will appear.
- You can extend the validity period of the root certificate.
- You can extend the validity period of the root certificate.
Installing Enterprise Root Overview
- Exporting the Certificate: The root certificate is only accessible from the server where the role is installed. Export this certificate. Launch an MMC console (from the certificate server). Add components. Select Certificates and then the local computer account. You can now export the root certificate.
Installing Enterprise Root –
Useful external reference: Microsoft Learn.
- Creating the GPO: The goal of the GPO is to deploy the root certificate to all PCs. GPO: Certificate Services Client – Auto Enrollment. Import the certificate onto the workstations. You can force the retrieval of the root certificate on the workstations with
gpupdate /force.
Installing Enterprise Root –
Useful external reference: Microsoft Learn.