Setup Server 2019 Enterprise CA 5/5: Deploy Policy Templates

Previous: Setup Group Policy   After setting up an Enterprise CA, some Certificate policies are available without additional configuration. In this post I will demonstrate how to add a Certificate Template and publish it. Deploy Policy Templates   1. On the Subordinate CA start the “Certification Authority” and select “Certificate Templates”. In the right pane all the out of the box […]

Setup Server 2019 Enterprise CA 4/5: Setup Group Policy

Previous: Subordinate CA   The CA Servers are now configured. Now the domain computers/servers need to trust the certificates which are created by the Subordinate Server. This is done by adding the Root CA certificate to the “Trusted Root Certification Authorities” store. The certificate can be added in multiple ways, but the easiest way is by adding it with a […]

Setup Server 2019 Enterprise CA 3/5: Subordinate CA

Previous: Offline Root CA   With the Offline Root CA completed, we can now set up the Subordinate CA server. This server is authorized by the Root CA to issue the certificates. During the setup the CA role will be added and configured. The server will also be authorized by the Root CA. The Subordinate CA Server is the SUBENT-CA02. […]

Setup Server 2019 Enterprise CA 2/5: Offline Root CA

Previous: Overview   The setup will start with the Offline Root CA server. This server will only be used to authorize the Subordinate Server; after that it will be turned off and only turned on to renew the Certificate Revocation List (CRL) & Subordinate CA Certificate. The offline CA Server is the OFFENT-CA01 and is a non-domain-joined server.   Setup […]

Setup Server 2019 Enterprise CA 1/5: Overview

In this tutorial we’re going to configure a Two-Tier Enterprise PKI with Microsoft Server 2019. The advantage of a Two-Tier Enterprise PKI Hierarchy is that clients only trust the Root CA. So if a Subordinate server gets compromised, the Root CA does not have to be replaced. During normal operation the Root CA will be offline and Certificate requests are […]