Installation
- Install the “Active Directory Certificate Services” role.
- Activate the “Certification Authority” service and, if necessary, “Web-based Certification Authority Registration.”
Configuration
- Select post-installation configuration for the role.
- Activate the certification authority.
- Create an enterprise certification authority.
- Then, create a root certification authority.
- Create a new private key.
- The default options are sufficient in most cases.
- Specify the certificate name that will appear.
- You can extend the validity period of the root certificate.
Installing the Root Certificate via GPO
- Exporting the Certificate: The root certificate is only accessible from the server where the role is installed. Export this certificate. Launch an MMC console (from the certificate server). Add components. Select Certificates and then the local computer account. You can now export the root certificate.
- Creating the GPO: The goal of the GPO is to deploy the root certificate to all PCs. GPO: Certificate Services Client – Auto Enrollment. Import the certificate onto the workstations. You can force the retrieval of the root certificate on the workstations with:
  gpupdate /force
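To confirm that a workstation really received the root certificate through the GPO, and not through a manual import, the following check can be run in an elevated PowerShell session on the workstation. It is an added example, not part of the original procedure; the file path C:\Temp\RootCA.cer is a hypothetical location for a copy of the exported certificate.

```powershell
# Added example. Run on a workstation in scope of the GPO, elevated.
# Assumption: the exported root certificate was copied to this hypothetical path.
param([string]$CerPath = 'C:\Temp\RootCA.cer')

$expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $CerPath

# A root CA certificate is issued to itself: subject and issuer must match.
if ($expected.Subject -ne $expected.Issuer) {
    throw "$CerPath is not self-issued, so it is not a root certificate."
}

# Refuse a certificate that is not yet valid or already expired.
$now = Get-Date
if ($now -lt $expected.NotBefore -or $now -gt $expected.NotAfter) {
    throw "$CerPath is outside its validity period."
}

# Re-apply policy, as in the step above.
gpupdate /force | Out-Null

$thumb = $expected.Thumbprint

# 1. Is the certificate present in the machine's Trusted Root store?
$inStore = @(Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $thumb }).Count -gt 0

# 2. Did it arrive through Group Policy? Policy-delivered certificates are kept
#    under the Policies registry hive, separate from manually imported ones.
$policyKey = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$thumb"
$viaGpo = Test-Path -Path $policyKey

[pscustomobject]@{
    Subject          = $expected.Subject
    Thumbprint       = $thumb
    NotAfter         = $expected.NotAfter
    TrustedOnMachine = $inStore
    DeliveredByGpo   = $viaGpo
}

if ($inStore -and -not $viaGpo) {
    Write-Warning 'Certificate is trusted but was not delivered by Group Policy.'
} elseif (-not $inStore) {
    Write-Warning 'Certificate is not in the Trusted Root store; check GPO scope and link.'
}
```

Compare the reported thumbprint with the one displayed for the root certificate on the CA server itself, so that the copied file is known to be the certificate that was exported.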