The conclusion to this 8-part series on creating a Certificate Authority in Windows Server 2019 using Active Directory Certificate Services.

What good is a Certificate Authority in an Active Directory environment if there is no way to automatically deploy the Certificates? Luckily, with the use of Group Policy and a few configuration changes to Certificate Templates, this is a fairly easy task.

Certificates are not always one size fits all for an organization, but luckily it is fairly easy to customize the Certificates that are deployed to your organization.

The last thing that you ever want to deal with is losing the Private Key for an important Certificate. Luckily, this is easy to avoid with the use of Key Archiving directly to Active Directory.

For every Certificate Authority, it is inevitable that you are eventually going to need to revoke a Certificate for one reason or another. The Online Responder Role in Active Directory Certificate Services is capable of rapidly revoking Certificates and ensuring that users in your organization are notified as quickly as possible.

Once the Certificate Authority has been created it is time to deploy those Certificates to the organization. Through the use of Group Policy with Active Directory, this is a fairly easy task, and can deploy the Certificates to the organization in only a few minutes.

Once the Root CA has been created, the Subordinate CA needed to be setup. This Subordinate CA is needed to do all of the work for the Certificate Authority. It will issue all Certificates to the organization and handle the day to day operations.

The first step in establishing a two-tier Certificate Authority is the creation of the Root Certificate. The Root Certificate is the most important part of the Certificate Trust, and it is critical that this is setup properly and securely from day one.