Get rid of those annoying self-signed certificates with Microsoft Certificate Services, Part 4
In Part 1 of the guide, we introduced Certificate Services and we discussed the design and the plan to deploy these services.
In Part 2, we installed and configure the Web Server used to distribute Certificate Revocation Lists (CRLs), requests and issue certificates and create a CNAME DNS record for the Web Server.
In Part 3 of the guide, we installed and configured the Standalone Root CA.
In this part, we will install and configure the Enterprise Subordinate CA server used to request and issue certificates. Let’s get to work!
Requirements:
Install a server with Windows Server 2016 or 2019 for the Enterprise CA server, set a name for the server, configure the computer with a static IP address and join the machine to the domain.
Before the setup of Certificate Services in the server, publish the Root CA to AD and add the Root CA cert and CRL to the local certificate store.
Add the Root CA certificate and CRL to the local certificate store
To add the Root CA certificate and CRL to the local certificate stores, type the following command in an elevated command…
