This step-by-step guide will show you how to configure AD certificate server. Active Directory (AD) Certificate Services acronym is either ADCS or AD CS. You should also note that many people will call it a cert server or just certs. This article assume that you have ready install ADCS, if you have not done this step, make sure that you see How to Install AD Certificate Services.
A Microsoft Endpoint Configuration Manager (SCCM / ConfigMgr / MCM) administrator wears many hats. Working with AD Certificate Service is just one of the hats!
Before we get started, this guide set will install a simple AD CS environment that, can be used within a Lab environment. Although 100% correct, this setup will like NOT pass a proper security review. As such if you plan to use this within production, I recommend that you talk to your security team first. They might already have AD CS for you to use. Before you ask, why will this not pass a security audit, the simple reason is that you first (Root) Certificate Service server should NEVER be attached to any network. Without going to the complete details, the Root CS server should be a Standalone server. Which in turns issue a cert to another CS server to allow them to issue certs. But for lab environments this guide is in my option good enough.
How to Configure AD Certificate Services
Before getting started make sure that you logon with an Enterprise Admin account. Within the video, I have upgraded my account be a member Enterprise Admin.
After logon the easiest way to configure AD Certificate Services, is to select the post deployment option within Server Manager. Start by clicking the link.
On the Credentials Node, ensure that the account you are using has Enterprise Admins right. Click Change… to use a different account otherwise click Next.
Select Certification Authority before clicking Next.
For this lab keep the Enterprise CA option and click Next.
We are installing a Root CA so keep that selected and click Next.
Keep the option to Create a new private key and click Next.
For my lab I’m going to use a SHA512 algorithm with a Key length of 2048.
We will keep the Common and Distinguished names for this CA. Click Next.
I change the validity period to 10 years for Certs on this server. Click Next.
Again, because this for a lab, I will access the defaults, and click Next.
Now that we have selected everything, review the settings before click Configure.
Wait for the configuration to complete and then click Close. With that last step completed you are done Configure AD Certificate Server. I personally, like to reboot to ensure that we are at a clean point before doing anything else.
So, what is next in this set? There are many things that I want to document but everything how to create a code signing Certificate which you can then use to code sign you PowerShell scripts. To other such as fixing RDP to use your CA certs.
How to Configure AD Certificate Services Video
Finally, don’t forget that you can subscribe to my RRS feed to stay on top of the latest trips and tricks. Additionally, if you have any questions, please feel free to touch base @Garthmj.