The Lab - Episode 2 - Installing an Enterprise Certification Authority
IT Specialists, hello everyone! Today a very fast but fundamental video: we add the second piece of the lab by getting a Certification Authority up and running.
Video
Find the entire video below, or you can continue reading the article.
Why is a Certification Authority useful in the lab?
Here’s why a Certification Authority can be useful in the lab:
- Because a CA is always useful, regardless. 😊
- Because I want to implement LDAPS on Active Directory right away (and the next video will talk about this).
- Because, later in the lab, I want to implement Certificate Based Authentication directly on Microsoft Entra.
Tips and resources for designing a real PKI infrastructure
As you’ll see shortly, we’ll get straight to the point without too many frills. It’s not the purpose of this video to explain in detail how many and what types of Certification Authorities exist or to fully explore how to design a PKI infrastructure.
Let’s just say that, in a lab environment, it’s more than enough to install an Enterprise CA and leave it always active and at our disposal.
In a production environment, however, it needs to be designed much more carefully.
In the most complex cases it could be a 2- or 3-tier infrastructure and, last but not least, it’s a good idea to turn off the Root CA and keep everything in a secure location.
But, as I said, the topic is far too vast to cover it here in our lab.
So, to delve into the topic, I leave you with a series of great articles from Microsoft Tech Community:
- Designing and Implementing a PKI: Part I Design and Planning
- Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation
- Designing and Implementing a PKI: Part III Certificate Templates
- Designing and Implementing a PKI: Part IV Configuring SSL for Web Enrollment and Enabling Key Archival
- Designing and Implementing a PKI: Part V Disaster Recovery
Installation and configuration of Active Directory Certificate Services
As usual, I have a Windows Server 2022 Datacenter machine ready in Azure, deployed from the smalldisk image. I have joined it to the domain, so we are ready to install and configure the role!
You won’t believe it, but we’re done already: our CA is up and running, ready to be used.
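For readers who prefer a script to the video, here is one way to do the same installation from an elevated PowerShell session, followed by a quick health check. This is an added example, not the commands used in the video. It assumes a single-tier lab with an Enterprise Root CA, an account in Enterprise Admins, and a hypothetical CA name (`Lab-Enterprise-CA`); key length, hash algorithm and validity are example choices.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the video). Assumptions: domain-joined Windows Server 2022,
# caller is a member of Enterprise Admins, single-tier lab with an Enterprise Root CA.

$caName = 'Lab-Enterprise-CA'   # hypothetical CA common name, pick your own

# 1. Fail early if the server is not domain-joined: an Enterprise CA publishes
#    its certificate and templates in Active Directory.
if (-not (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
    throw 'This server is not joined to a domain; an Enterprise CA cannot be installed.'
}

# 2. Install the role binaries together with the management tools
#    (Certification Authority console and the ADCSDeployment module).
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools | Out-Null

# 3. Configure the CA. The crypto settings are stated explicitly so that the
#    result does not depend on defaults: CNG software KSP, RSA 4096, SHA256.
$caParams = @{
    CAType              = 'EnterpriseRootCA'
    CACommonName        = $caName
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 4096
    HashAlgorithmName   = 'SHA256'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5      # example lifetime for a lab root
    Force               = $true  # suppress the confirmation prompt
}
Install-AdcsCertificationAuthority @caParams

# 4. Verify: the service must be running, the CA must answer requests,
#    and the signing hash must be the one we asked for.
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Running') {
    throw "CertSvc is $($svc.Status), expected Running."
}
certutil -ping                              # CA interface responds
certutil -getreg CA\CSP\CNGHashAlgorithm    # should report SHA256
```

A private key generated by a software provider on an always-on server is acceptable for the lab only; in production, the design articles linked above apply.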
Now that we’re ready to produce certificates en masse, in the next video, we’ll see how to implement LDAPS on Active Directory.
Conclusions
As you may have noticed, today’s video was very fast-paced and, during this series, there will be longer videos alternating with much faster ones, depending on what we need to implement.
In any case, thank you for following me even in this video and, if you liked it and if you like this type of content, subscribe to my YouTube channel: it costs you nothing but, for me, it’s very important and makes all the difference!
Until next time, I’ll be waiting for you… LEGENDARY!
Your IT Specialist,
Riccardo