Setup Server 2019 Enterprise CA 1/5: Overview

Posted on: September 25, 2019

In this tutorial we’re going to configure a Two-Tier Enterprise PKI with Microsoft Server 2019. The advantage of a Two-Tier Enterprise PKI hierarchy is that clients only trust the Root CA, so if a Subordinate server gets compromised, the Root CA does not have to be replaced. During normal operation the Root CA is offline and certificate requests are handled by the Subordinate CA. The Root CA is a non-domain joined device and is only turned on to issue a certificate for the Subordinate CA or to update the Certificate Revocation List (CRL).

 

The tutorial consists of 5 parts

 

 

 

In this tutorial we are going to build this setup.

 

 

Before you start with this tutorial, create the following servers and install Microsoft Server 2019 on them. This tutorial only covers configuring the servers.

| Servername | OS | Role | Notes |
|---|---|---|---|
| DC01 | MS Server 2019 | Domain Controller | |
| OFFENT-CA01 | MS Server 2019 | Offline Standalone Root CA | non-domain joined |
| SUBENT-CA02 | MS Server 2019 | Online Enterprise Subordinate CA | Domain joined |

 

Let’s get started!

Next: Offline Root CA

 

 
