August 2019
Intermediate to advanced
786 pages
20h 22m
English
Now that we're done with the root CA setup, the next step is to set up the issuing CA. Issuing CAs will be run from a domain member server and will be AD-integrated. In order to perform the installation, log into the server as the Domain Admin or Enterprise Admin.
The first task will be to install the AD CS role:
Add-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
I will use the same server for the Web Enrollment Role Service. This can be added using the following command:
Add-WindowsFeature ADCS-web-enrollment
After that, we can configure the role service using the following command:
Install-ADcsCertificationAuthority -CACommonName "REBELAdmin IssuingCA" -CAType EnterpriseSubordinateCA -CryptoProviderName ...
Read now
Unlock full access